security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

*** empty log message ***

This commit is contained in:
Werner Koch 1998-09-28 19:25:31 +00:00
parent 0e3d05fdac
commit 41fa8a3345
58 changed files with 1105 additions and 729 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.am
View File

@ -1,7 +1,7 @@
## Process this file with automake to produce Makefile.in
SUBDIRS = intl po zlib util mpi cipher tools g10 doc checks
EXTRA_DIST = VERSION
EXTRA_DIST = VERSION PROJECTS
dist-hook:

14
NEWS
View File

@ -1,3 +1,17 @@
Noteworthy changes in version 0.4.1
-----------------------------------
* A secondary key is used when the primary key is specified but cannot
be used for the operation (if it is a sign-only key).
* GNUPG can now handle concatenated armored messages: There is still a
bug if different kinds of messages are mixed.
* Iterated+Salted passphrases now work. If want to be sure that PGP5
is able to handle them you may want to use the options
"--s2k-mode 3 --s2k-cipher-algo cast5 --s2k-digest-algo sha1"
when changing a passphrase.
Noteworthy changes in version 0.4.0
-----------------------------------
* Triple DES is now supported. Michael Roth did this piece of

6
PROJECTS Normal file
View File

@ -0,0 +1,6 @@
- abstraction of the MPI
- Add a way to override the current cipher/md implementations
by others (using extensions)

19
README
View File

@ -1,5 +1,3 @@
-----BEGIN PGP SIGNED MESSAGE-----
GNUPG - The GNU Privacy Guard
-------------------------------
Version 0.4
@ -49,7 +47,7 @@
The default algorithms are now DSA and ELGamal. ELGamal for signing
is still available, but due to the larger size of such signatures it
is depreciated (Please note that the GNUPG implementation of ElGamal
signatures is *not* insecure). Symmetric algorithms are: Blowfish
signatures is *not* insecure). Symmetric algorithms are: 3DES, Blowfish
and CAST5, Digest algorithms are MD5, RIPEMD160, SHA1 and TIGER/192.
@ -57,7 +55,9 @@
Installation
------------
See the file INSTALL. Here is a quick summary:
Please read the file INSTALL.
Here is a quick summary:
1) "./configure"
@ -321,7 +321,7 @@
ugly data structures, weird usage of filenames and other things.
The primary FTP site is "ftp://ftp.guug.de/pub/gcrypt/"
The primary WWW page is "http://www.d.shuttle.de/isil/crypt/gnupg.html"
The primary WWW page is "http://www.d.shuttle.de/isil/gnupg/"
If you like, send your keys to <gnupg-keys@isil.d.shuttle.de>; use
"gpg --export --armor | mail gnupg-keys@isil.d.shuttle.de" to do this.
@ -330,12 +330,3 @@
post them to the mailing list <g10@net.lut.ac.uk> (this is a closed list,
please subscribe before posting).
-----BEGIN PGP SIGNATURE-----
Version: GNUPG v0.3.5a (GNU/Linux)
Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/
iQB1AwUBNgJ6bB0Z9MEMmFelAQEBHgL+JhFVCrTAK2G3NVVVQBHXU5eucNx3tQQE3UucvSBA
YaKfX8dC5QU7wfgv8nFBXMK2mnAcJhJzBT6mZwxpzTZZTh7IS4qu//R9Vgy3A06ZddxKFf2M
YFelmgdpqTL6ntJC
=JZ3m
-----END PGP SIGNATURE-----

8
THANKS
View File

@ -15,12 +15,17 @@ Detlef Lannert lannert@lannert.rz.uni-duesseldorf.de
Ed Boraas ecxjo@esperanto.org
Ernst Molitor ernst.molitor@uni-bonn.de
Frank Heckenbach heckenb@mi.uni-erlangen.de
Gaël Quéri gqueri@mail.dotcom.fr
Hendrik Buschkamp buschkamp@rheumanet.org
Holger Schurig holger@d.om.org
Hugh Daniel hugh@toad.com
Ian McKellar imckellar@harvestroad.com.au
James Troup james@nocrew.org
Jean-loup Gailly gzip@prep.ai.mit.edu
Jens Bachem bachem@rrz.uni-koeln.de
Jörg Schilling schilling@fokus.gmd.de
Karl Fogel kfogel@guanabana.onshore.com
Karsten Thygesen karthy@kom.auc.dk
Lars Kellogg-Stedman lars@bu.edu
Marco d'Itri md@linux.it
Mark Adler madler@alumni.caltech.edu
@ -37,9 +42,10 @@ Paul D. Smith psmith@baynetworks.com
Peter Gutmann pgut001@cs.auckland.ac.nz
QingLong qinglong@bolizm.ihep.su
Ralph Gillen gillen@theochem.uni-duesseldorf.de
Roland Rosenfeld roland@spinnaker.rhein.de
Serge Munhoven munhoven@mema.ucl.ac.be
Steffen Ullrich ccrlphr@xensei.com
Steffen Zahn Steffen.Zahn@oen.siemens.de
Steffen Zahn zahn@berlin.snafu.de
Thomas Roessler roessler@guug.de
Tom Spindler dogcow@home.merit.edu
Tom Zerucha tzeruch@ceddec.com

22
TODO
View File

@ -1,11 +1,18 @@
* after creating a new uid, the preferences in the trustdb are not updated.
We should always sync the trustdb in such cases.
* write a tool to extract selected keys from a file.
* new menu to delete signatures and list signature in menu
* commandline controlled --edit-key with assumed save.
* -rdynamic auf Solaris Problem
* if --libdir is used, the extensions are put in a wrong place.
How does GNOME handle this or make a new option for this directory.
* Should we use the ElGamal subkey if the DSA keyid is given?
What about an option --loose-keyid-match?
* salted and iterated S2Ks don't work (see passphrase.c).
Hmmm, I don´ like to pass ot as a commandline option to cc.
* Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
@ -42,11 +49,6 @@
* Add some stuff for DU cc
* check for "expect" before running test genkey1024
* use "passphrase" instead of "pass phrase"
* Use "user ID", "trustdb" and "WARNING".
* armor.c cannot handle concatenated armored messages.
at least it should be possible to do this for "KEY BLOCK"

2
VERSION
View File

@ -1 +1 @@
0.4.0
0.4.0a

1
acconfig.h
View File

@ -80,6 +80,7 @@
#undef USE_SHM_COPROCESSING
#undef IPC_HAVE_SHM_LOCK
#undef IPC_RMID_DEFERRED_RELEASE
@BOTTOM@

11
acinclude.m4
View File

@ -116,6 +116,7 @@ define(WK_CHECK_CACHE,
######################################################################
# Check for SysV IPC (from GIMP)
# And see whether we have a SHM_LOCK (FreeBSD does not have it).
######################################################################
dnl WK_CHECK_IPC
dnl
@ -150,6 +151,15 @@ define(WK_CHECK_IPC,
AC_MSG_RESULT(yes),
AC_MSG_RESULT(no),
AC_MSG_RESULT(assuming no))
AC_MSG_CHECKING(whether SHM_LOCK is available)
AC_TRY_COMPILE([#include <sys/types.h>
#include <sys/ipc.h>
#include <sys/shm.h>],[
int foo( int shm_id ) { shmctl(shm_id, SHM_LOCK, 0); }
],
AC_DEFINE(IPC_HAVE_SHM_LOCK)
AC_MSG_RESULT(yes),
AC_MSG_RESULT(no))
fi
])
@ -165,6 +175,7 @@ define(WK_CHECK_MLOCK,
if test "$ac_cv_func_mlock" = "yes"; then
AC_MSG_CHECKING(whether mlock is broken)
AC_TRY_RUN([
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <sys/mman.h>

4
checks/ChangeLog
View File

@ -1,3 +1,7 @@
Wed Sep 23 12:25:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* run-gpg.patterns: New (because Solaris fgrep does not like -f -).
Mon Aug 10 21:33:38 1998 Werner Koch (wk@(none))
* genkey1024.test: Ariel fixed this.

2
checks/Makefile.am
View File

@ -18,7 +18,7 @@ TEST_FILES = pubring.asc secring.asc plain-1o.asc plain-2o.asc plain-3o.asc \
DATA_FILES = data-500 data-9000 data-32000 data-80000
EXTRA_DIST = defs.inc run-gpg run-gpgm $(TESTS) $(TEST_FILES)
EXTRA_DIST = defs.inc run-gpg run-gpgm run-gpg.patterns $(TESTS) $(TEST_FILES)
CLEANFILES = prepared.stamp x y z out err $(DATA_FILES) \
plain-1 plain-2 plain-3
DISTCLEANFILES = pubring.gpg secring.gpg pubring.pkr secring.skr

14
checks/genkey1024.test
View File

@ -2,9 +2,19 @@
. $srcdir/defs.inc || exit 3
if which expect ; then
:
else
echo "\"expect\" needed but not found - test skipped"
exit 0
fi
expect - <<EOF
#set timeout -1
set timeout 5
set timeout 8
match_max 100000
spawn ../g10/gpg --no-batch --quick-random --homedir . --gen-key
expect {
@ -86,7 +96,7 @@ some other action (work in another window, move the mouse, utilize the\r
network and the disks) during the prime generation; this gives the random\r
number generator a better chance to gain enough entropy.\r" {}
timeout { exit 1 } }
set timeout 120
set timeout 600
expect {
-ex "public and secret key created and signed.\r" { exit 0 }
eof { exit 1 }

2
checks/mds.test
View File

@ -3,7 +3,7 @@
. $srcdir/defs.inc || exit 3
test_one () {
if [ "$(grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g')" != "$2" ]; then
if [ "`grep $1 y | sed -e 's/.*=[ ]\(.*\)/\1/' -e 's/ //g'`" != "$2" ]; then
failed="$failed $1"
fi
}

7
checks/run-gpg
View File

@ -10,11 +10,6 @@ else
rm err.tmp.$$
exit 1
fi
fgrep -v -f - err.tmp.$$ <<EOF
gpg: Good signature from
gpg: Signature made
gpg: note: cipher algorithm 3 not found in preferences
gpg: note: cipher algorithm 4 not found in preferences
EOF
fgrep -v -f run-gpg.patterns err.tmp.$$
rm err.tmp.$$

6
checks/run-gpg.patterns Normal file
View File

@ -0,0 +1,6 @@
gpg: Good signature from
gpg: Signature made
gpg: note: cipher algorithm 3 not found in preferences
gpg: note: cipher algorithm 4 not found in preferences
gpg: note: secret key 2E5FA4F4 is NOT protected.
gpg: note: secret key 439F02CA is NOT protected.

13
cipher/ChangeLog
View File

@ -1,3 +1,16 @@
Mon Sep 28 13:23:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* md.c (md_digest): New.
(md_reset): New.
Wed Sep 23 12:27:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* tiger.c (TIGER_CONTEXT): moved "buf", so that it is 64 bit aligned.
Mon Sep 21 06:22:53 1998 Werner Koch (wk@(none))
* des.c: Some patches from Michael.
Thu Sep 17 19:00:06 1998 Werner Koch (wk@(none))
* des.c : New file from Michael Roth <mroth@nessie.de>

4
cipher/Makefile.am
View File

@ -48,11 +48,11 @@ EXTRA_twofish_SOURCES = twofish.c
tiger: $(srcdir)/tiger.c
`echo $(COMPILE) -shared -fPIC -o tiger $(srcdir)/tiger.c | \
`echo $(COMPILE) -shared -fPIC -lc -o tiger $(srcdir)/tiger.c | \
sed -e 's/-O2/-O1/' `
twofish: $(srcdir)/twofish.c
`echo $(COMPILE) -shared -fPIC -o twofish $(srcdir)/twofish.c | \
`echo $(COMPILE) -shared -fPIC -lc -o twofish $(srcdir)/twofish.c | \
sed -e 's/-O2/ /' `

205
cipher/des.c
View File

@ -152,7 +152,6 @@
*/
typedef struct _des_ctx
{
int mode;
u32 encrypt_subkeys[32];
u32 decrypt_subkeys[32];
}
@ -163,19 +162,19 @@ des_ctx[1];
*/
typedef struct _tripledes_ctx
{
int mode;
u32 encrypt_subkeys[96];
u32 decrypt_subkeys[96];
}
tripledes_ctx[1];
static void des_key_schedule (const byte *, u32 *, int);
static void des_key_schedule (const byte *, u32 *);
static int des_setkey (struct _des_ctx *, const byte *);
static int des_ecb_crypt (struct _des_ctx *, const byte *, byte *, int);
static int tripledes_set2keys (struct _tripledes_ctx *, const byte *, const byte *);
static int tripledes_set3keys (struct _tripledes_ctx *, const byte *, const byte *, const byte *);
static int tripledes_ecb_crypt (struct _tripledes_ctx *, const byte *, byte *, int);
static int is_weak_key ( const byte *key );
static const char *selftest (void);
@ -308,18 +307,58 @@ u32 rightkey_swap[16] =
/*
* Numbers of left shifts per round for encryption subkey schedule
* To calculate the decryption key scheduling we just reverse the
* ordering of the subkeys so we can omit the table for decryption
* subkey schedule.
*/
static byte encrypt_rotate_tab[16] =
{
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
};
/*
* Numbers of right shifts per round for decryption subkey schedule
* Table with weak DES keys sorted in ascending order.
* In DES their are 64 known keys wich are weak. They are weak
* because they produce only one, two or four different
* subkeys in the subkey scheduling process.
* The keys in this table have all their parity bits cleared.
*/
static byte decrypt_rotate_tab[16] =
static byte weak_keys[64][8] =
{
0, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, { 0x00, 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e },
{ 0x00, 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0 }, { 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe },
{ 0x00, 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e }, { 0x00, 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00 },
{ 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe }, { 0x00, 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0 },
{ 0x00, 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0 }, { 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe },
{ 0x00, 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00 }, { 0x00, 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e },
{ 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe }, { 0x00, 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0 },
{ 0x00, 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e }, { 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00 },
{ 0x0e, 0x0e, 0x0e, 0x0e, 0xf0, 0xf0, 0xf0, 0xf0 }, { 0x1e, 0x00, 0x00, 0x1e, 0x0e, 0x00, 0x00, 0x0e },
{ 0x1e, 0x00, 0x1e, 0x00, 0x0e, 0x00, 0x0e, 0x00 }, { 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0, 0xfe },
{ 0x1e, 0x00, 0xfe, 0xe0, 0x0e, 0x00, 0xfe, 0xf0 }, { 0x1e, 0x1e, 0x00, 0x00, 0x0e, 0x0e, 0x00, 0x00 },
{ 0x1e, 0x1e, 0x1e, 0x1e, 0x0e, 0x0e, 0x0e, 0x0e }, { 0x1e, 0x1e, 0xe0, 0xe0, 0x0e, 0x0e, 0xf0, 0xf0 },
{ 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe, 0xfe }, { 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00, 0xfe },
{ 0x1e, 0xe0, 0x1e, 0xe0, 0x0e, 0xf0, 0x0e, 0xf0 }, { 0x1e, 0xe0, 0xe0, 0x1e, 0x0e, 0xf0, 0xf0, 0x0e },
{ 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0, 0xfe, 0x00 }, { 0x1e, 0xfe, 0x00, 0xe0, 0x0e, 0xfe, 0x00, 0xf0 },
{ 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe }, { 0x1e, 0xfe, 0xe0, 0x00, 0x0e, 0xfe, 0xf0, 0x00 },
{ 0x1e, 0xfe, 0xfe, 0x1e, 0x0e, 0xfe, 0xfe, 0x0e }, { 0xe0, 0x00, 0x00, 0xe0, 0xf0, 0x00, 0x00, 0xf0 },
{ 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e, 0xfe }, { 0xe0, 0x00, 0xe0, 0x00, 0xf0, 0x00, 0xf0, 0x00 },
{ 0xe0, 0x00, 0xfe, 0x1e, 0xf0, 0x00, 0xfe, 0x0e }, { 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00, 0xfe },
{ 0xe0, 0x1e, 0x1e, 0xe0, 0xf0, 0x0e, 0x0e, 0xf0 }, { 0xe0, 0x1e, 0xe0, 0x1e, 0xf0, 0x0e, 0xf0, 0x0e },
{ 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e, 0xfe, 0x00 }, { 0xe0, 0xe0, 0x00, 0x00, 0xf0, 0xf0, 0x00, 0x00 },
{ 0xe0, 0xe0, 0x1e, 0x1e, 0xf0, 0xf0, 0x0e, 0x0e }, { 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe, 0xfe },
{ 0xe0, 0xfe, 0x00, 0x1e, 0xf0, 0xfe, 0x00, 0x0e }, { 0xe0, 0xfe, 0x1e, 0x00, 0xf0, 0xfe, 0x0e, 0x00 },
{ 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0, 0xfe }, { 0xe0, 0xfe, 0xfe, 0xe0, 0xf0, 0xfe, 0xfe, 0xf0 },
{ 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00, 0xfe }, { 0xfe, 0x00, 0x1e, 0xe0, 0xfe, 0x00, 0x0e, 0xf0 },
{ 0xfe, 0x00, 0xe0, 0x1e, 0xfe, 0x00, 0xf0, 0x0e }, { 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00, 0xfe, 0x00 },
{ 0xfe, 0x1e, 0x00, 0xe0, 0xfe, 0x0e, 0x00, 0xf0 }, { 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e, 0xfe },
{ 0xfe, 0x1e, 0xe0, 0x00, 0xfe, 0x0e, 0xf0, 0x00 }, { 0xfe, 0x1e, 0xfe, 0x1e, 0xfe, 0x0e, 0xfe, 0x0e },
{ 0xfe, 0xe0, 0x00, 0x1e, 0xfe, 0xf0, 0x00, 0x0e }, { 0xfe, 0xe0, 0x1e, 0x00, 0xfe, 0xf0, 0x0e, 0x00 },
{ 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0, 0xfe }, { 0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf0, 0xfe, 0xf0 },
{ 0xfe, 0xfe, 0x00, 0x00, 0xfe, 0xfe, 0x00, 0x00 }, { 0xfe, 0xfe, 0x1e, 0x1e, 0xfe, 0xfe, 0x0e, 0x0e },
{ 0xfe, 0xfe, 0xe0, 0xe0, 0xfe, 0xfe, 0xf0, 0xf0 }, { 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe }
};
@ -359,7 +398,7 @@ static byte decrypt_rotate_tab[16] =
/*
* A full DES round including 'expansion funtion', 'sbox substitution'
* A full DES round including 'expansion function', 'sbox substitution'
* and 'primitive function P' but without swapping the left and right word.
*/
#define DES_ROUND(from, to, work, subkey) \
@ -403,23 +442,22 @@ static byte decrypt_rotate_tab[16] =
/*
* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for one DES round
* des_key_schedule(): Calculate 16 subkeys pairs (even/odd) for
* 16 encryption rounds.
* To calculate subkeys for decryption the caller
* have to reorder the generated subkeys.
*
* rawkey: 8 Bytes of key data
* subkey: Array of at least 32 u32s. Will be filled
* with calculated subkeys.
* mode: Key schedule mode.
* mode == 0: Calculate subkeys to encrypt
* mode != 0: Calculate subkeys to decrypt
*
*/
static void
des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
des_key_schedule (const byte * rawkey, u32 * subkey)
{
u32 left, right, work;
int round;
READ_64BIT_DATA (rawkey, left, right)
DO_PERMUTATION (right, work, left, 4, 0x0f0f0f0f)
@ -441,20 +479,8 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
for (round = 0; round < 16; ++round)
{
if (mode)
{
/* decrypt */
left = ((left >> decrypt_rotate_tab[round]) | (left << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
right = ((right >> decrypt_rotate_tab[round]) | (right << (28 - decrypt_rotate_tab[round]))) & 0x0fffffff;
}
else
{
/* encrypt */
left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
}
left = ((left << encrypt_rotate_tab[round]) | (left >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
right = ((right << encrypt_rotate_tab[round]) | (right >> (28 - encrypt_rotate_tab[round]))) & 0x0fffffff;
*subkey++ = ((left << 4) & 0x24000000)
| ((left << 28) & 0x10000000)
@ -514,11 +540,15 @@ des_key_schedule (const byte * rawkey, u32 * subkey, int mode)
static int
des_setkey (struct _des_ctx *ctx, const byte * key)
{
if (!ctx || !key)
return -1;
int i;
des_key_schedule (key, ctx->encrypt_subkeys, 0);
des_key_schedule (key, ctx->decrypt_subkeys, 1);
des_key_schedule (key, ctx->encrypt_subkeys);
for(i=0; i<32; i+=2)
{
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
}
return 0;
}
@ -535,9 +565,6 @@ des_ecb_crypt (struct _des_ctx *ctx, const byte * from, byte * to, int mode)
u32 left, right, work;
u32 *keys;
if (!ctx || !from || !to)
return -1;
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right)
@ -570,17 +597,25 @@ tripledes_set2keys (struct _tripledes_ctx *ctx,
const byte * key1,
const byte * key2)
{
if (!ctx || !key1 || !key2)
return -1;
int i;
des_key_schedule (key1, ctx->encrypt_subkeys, 0);
des_key_schedule (key1, ctx->decrypt_subkeys, 1);
des_key_schedule (key1, ctx->encrypt_subkeys);
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1);
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0);
for(i=0; i<32; i+=2)
{
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[31-i];
des_key_schedule (key1, &(ctx->encrypt_subkeys[64]), 0);
des_key_schedule (key1, &(ctx->decrypt_subkeys[64]), 1);
ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
ctx->encrypt_subkeys[i+64] = ctx->encrypt_subkeys[i];
ctx->encrypt_subkeys[i+65] = ctx->encrypt_subkeys[i+1];
ctx->decrypt_subkeys[i+64] = ctx->decrypt_subkeys[i];
ctx->decrypt_subkeys[i+65] = ctx->decrypt_subkeys[i+1];
}
return 0;
}
@ -598,17 +633,23 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
const byte * key2,
const byte * key3)
{
if (!ctx || !key1 || !key2 || !key3)
return -1;
int i;
des_key_schedule (key1, ctx->encrypt_subkeys, 0);
des_key_schedule (key1, ctx->decrypt_subkeys, 1);
des_key_schedule (key1, ctx->encrypt_subkeys);
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]));
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]));
des_key_schedule (key2, &(ctx->encrypt_subkeys[32]), 1);
des_key_schedule (key2, &(ctx->decrypt_subkeys[32]), 0);
for(i=0; i<32; i+=2)
{
ctx->decrypt_subkeys[i] = ctx->encrypt_subkeys[94-i];
ctx->decrypt_subkeys[i+1] = ctx->encrypt_subkeys[95-i];
des_key_schedule (key3, &(ctx->encrypt_subkeys[64]), 0);
des_key_schedule (key3, &(ctx->decrypt_subkeys[64]), 1);
ctx->encrypt_subkeys[i+32] = ctx->decrypt_subkeys[62-i];
ctx->encrypt_subkeys[i+33] = ctx->decrypt_subkeys[63-i];
ctx->decrypt_subkeys[i+64] = ctx->encrypt_subkeys[30-i];
ctx->decrypt_subkeys[i+65] = ctx->encrypt_subkeys[31-i];
}
return 0;
}
@ -617,6 +658,7 @@ tripledes_set3keys (struct _tripledes_ctx *ctx,
/*
* Electronic Codebook Mode Triple-DES encryption/decryption of data according to 'mode'.
* Sometimes this mode is named 'EDE' mode (Encryption-Decryption-Encryption).
*/
static int
tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, int mode)
@ -624,9 +666,6 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
u32 left, right, work;
u32 *keys;
if (!ctx || !from || !to)
return -1;
keys = mode ? ctx->decrypt_subkeys : ctx->encrypt_subkeys;
READ_64BIT_DATA (from, left, right)
@ -666,17 +705,45 @@ tripledes_ecb_crypt (struct _tripledes_ctx *ctx, const byte * from, byte * to, i
}
/*
* Check whether the 8 byte key is weak.
* Dose not check the parity bits of the key but simple ignore them.
*/
static int
is_weak_key ( byte *key )
is_weak_key ( const byte *key )
{
return 0; /* FIXME */
byte work[8];
int i, left, right, middle, cmp_result;
/* clear parity bits */
for(i=0; i<8; ++i)
work[i] = key[i] & 0xfe;
/* binary search in the weak key table */
left = 0;
right = 63;
while(1)
{
middle = (left + right) / 2;
if ( !(cmp_result=memcmp(work, weak_keys[middle], 8)) )
return -1;
if ( left == right )
break;
if ( cmp_result > 0 )
left = middle + 1;
else
right = middle - 1;
}
return 0;
}
/*
* Performs a selftest of this DES/Triple-DES implementation.
* Returns an string with the error text on failure.
@ -717,12 +784,14 @@ selftest (void)
memcpy (input, temp1, 8);
}
if (memcmp (temp3, result, 8))
return "DES maintenace test failed.";
return "DES maintenance test failed.";
}
/*
* Triple-DES test (Does somebody known on official test?)
* Triple-DES test (Do somebody known on official test?)
*
* FIXME: This test doesn't use tripledes_set3keys() !
*/
{
int i;
@ -749,6 +818,20 @@ selftest (void)
return "TRIPLE-DES test failed.";
}
/*
* Check the weak key detection. We simply assume the table with
* weak keys is ok and check every key in the table if it is
* detected... (This test is a little bit stupid)
*/
{
int i;
for (i = 0; i < 64; ++i)
if (!is_weak_key(weak_keys[i]))
return "DES weak key detection failed";
}
return 0;
}
@ -759,11 +842,11 @@ do_tripledes_setkey ( struct _tripledes_ctx *ctx, byte *key, unsigned keylen )
if( keylen != 24 )
return G10ERR_WRONG_KEYLEN;
tripledes_set3keys ( ctx, key, key+8, key+16);
if( is_weak_key( key ) || is_weak_key( key+8 ) || is_weak_key( key+16 ) )
return G10ERR_WEAK_KEY;
tripledes_set3keys ( ctx, key, key+8, key+16);
return 0;
}
@ -800,7 +883,7 @@ des_get_info( int algo, size_t *keylen,
if( !did_selftest ) {
const char *s = selftest();
if( s )
log_fatal("selftest failed: %s", s );
log_fatal("selftest failed: %s\n", s );
did_selftest = 1;
}

81
cipher/md.c
View File

@ -256,7 +256,7 @@ md_copy( MD_HANDLE a )
: m_alloc( sizeof *b );
memcpy( b, a, sizeof *a );
b->list = NULL;
/* and now copy the compelte list of algorithms */
/* and now copy the complete list of algorithms */
/* I know that the copied list is reversed, but that doesn't matter */
for( ar=a->list; ar; ar = ar->next ) {
br = a->secure ? m_alloc_secure( sizeof *br + ar->contextsize )
@ -269,6 +269,23 @@ md_copy( MD_HANDLE a )
}
/****************
* Reset all contexts and discard any buffered stuuf. This may be used
* instead of a md_close(); md_open().
*/
void
md_reset( MD_HANDLE a )
{
struct md_digest_list_s *r;
a->bufcount = 0;
for( r=a->list; r; r = r->next ) {
memset( r->context, 0, r->contextsize );
(*r->init)( &r->context );
}
}
void
md_close(MD_HANDLE a)
{
@ -331,7 +348,7 @@ md_read( MD_HANDLE a, int algo )
if( !algo ) { /* return the first algorithm */
if( (r=a->list) ) {
if( r->next )
log_error("warning: more than algorithm in md_read(0)\n");
log_debug("more than algorithm in md_read(0)\n");
return (*r->read)( &r->context );
}
}
@ -344,6 +361,58 @@ md_read( MD_HANDLE a, int algo )
return NULL;
}
/****************
* This function combines md_final and md_read but keeps the context
* intact. This function can be used to calculate intermediate
* digests. The digest is copied into buffer and the digestlength is
* returned. If buffer is NULL only the needed size for buffer is returned.
* buflen gives the max size of buffer. If the buffer is too shourt to
* hold the complete digest, the buffer is filled with as many bytes are
* possible and this value is returned.
*/
int
md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen )
{
struct md_digest_list_s *r = NULL;
char *context;
char *digest;
if( a->bufcount )
md_write( a, NULL, 0 );
if( !algo ) { /* return digest for the first algorithm */
if( (r=a->list) && r->next )
log_debug("more than algorithm in md_digest(0)\n");
}
else {
for(r=a->list; r; r = r->next )
if( r->algo == algo )
break;
}
if( !r )
BUG();
if( !buffer )
return r->mdlen;
/* I don't want to change the interface, so I simply work on a copy
* the context (extra overhead - should be fixed)*/
context = a->secure ? m_alloc_secure( r->contextsize )
: m_alloc( r->contextsize );
memcpy( context, r->context, r->contextsize );
(*r->final)( context );
digest = (*r->read)( context );
if( buflen > r->mdlen )
buflen = r->mdlen;
memcpy( buffer, digest, buflen );
m_free(context);
return buflen;
}
int
md_get_algo( MD_HANDLE a )
{
@ -423,5 +492,13 @@ md_stop_debug( MD_HANDLE md )
fclose(md->debug);
md->debug = NULL;
}
#ifdef HAVE_U64_TYPEDEF
{ /* a kludge to pull in the __muldi3 for Solaris */
volatile u32 a = (u32)md;
volatile u32 b = 42;
volatile u64 c;
c = a * b;
}
#endif
}

2
cipher/pubkey.c
View File

@ -480,7 +480,7 @@ pubkey_decrypt( int algo, MPI *result, MPI *data, MPI *skey )
/****************
* This is the interface to the public key signing.
* Sign hash with skey and put the result into resarr which
* Sign data with skey and put the result into resarr which
* should be an array of MPIs of size PUBKEY_MAX_NSIG (or less if the
* algorithm allows this - check with pubkey_get_nsig() )
*/

2
cipher/tiger.c
View File

@ -29,9 +29,9 @@
typedef struct {
u64 a, b, c;
u32 nblocks;
byte buf[64];
int count;
u32 nblocks;
} TIGER_CONTEXT;

5
configure.in
View File

@ -254,14 +254,15 @@ fi
AC_SUBST(ZLIBS)
AM_GNU_GETTEXT
G10_LOCALEDIR="$g10_prefix/$DATADIRNAME/locale"
AC_SUBST(G10_LOCALEDIR)
AC_DEFINE_UNQUOTED(G10_LOCALEDIR, "$G10_LOCALEDIR")
WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
dnl WK_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl )
WK_DO_LINK_FILES
AM_GNU_GETTEXT
AC_OUTPUT([
Makefile
intl/Makefile

92
doc/HACKING Normal file
View File

@ -0,0 +1,92 @@
A Hacker's Guide to GNUPG
================================
(Some notes on GNUPG internals.)
Memory allocation
-----------------
Use only the functions:
m_alloc()
m_alloc_clear()
m_strdup()
m_free()
If you want to store a passphrase or some other sensitive data you may
want to use m_alloc_secure() instead of m_alloc(), as this puts the data
into a memory region which is protected from swapping (on some platforms).
m_free() works for both. This functions will not return if there is not
enough memory available.
Logging
-------
Option parsing
---------------
GNUPG does not use getopt or GNU getopt but functions of it's own. See
util/argparse.c for details. The advantage of these funtions is that
it is more easy to display and maintain the help texts for the options.
The same option table is also used to parse resource files.
What is an iobuf
----------------
This is the data structure used for most I/O of gnupg. It is similiar
to System V Streams but much simpler. It should be replaced by a cleaner
and faster implementation. We are doing to much copying and the semantics
of "filter" removing are not very clean. EOF handling is also a problem.
How to use the message digest functions
---------------------------------------
cipher/md.c implements an interface to hash (message diesgt functions).
a) If you have a common part of data and some variable parts
and you need to hash of the concatenated parts, you can use this:
md = md_open(...)
md_write( md, common_part )
md1 = md_copy( md )
md_write(md1, part1)
md_final(md1);
digest1 = md_read(md1)
md2 = md_copy( md )
md_write(md2, part2)
md_final(md2);
digest2 = md_read(md2)
An example are key signatures; the key packet is the common part
and the user-id packets are the variable parts.
b) If you need a running digest you should use this:
md = md_open(...)
md_write( md, part1 )
digest_of_part1 = md_digest( md );
md_write( md, part2 )
digest_of_part1_cat_part2 = md_digest( md );
....
Both methods may be combined. [Please see the source for the real syntax]
How to use the cipher functions
-------------------------------
How to use the public key functions
-----------------------------------

11
doc/Makefile.am
View File

@ -1,9 +1,18 @@
## Process this file with automake to create Makefile.in
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ
EXTRA_DIST = DETAILS rfcs gpg.1pod gpg.1 FAQ HACKING
man_MANS = gpg.1
install-data-hook:
if test -f $(man1dir)/gpgm.1; then rm $(man1dir)/gpgm.1; fi
ln -s $(man1dir)/gpg.1 $(man1dir)/gpgm.1 \
|| ln $(man1dir)/gpg.1 $(man1dir)/gpgm.1
%: %pod
pod2man $< --section=`echo $@ | sed 's/^.*(?)$$/$$&/'`\
--release="`date -r $< '+%d %b %Y'`"\

46
doc/gpg.1pod
View File

@ -75,7 +75,7 @@ B<-k> [I<username>] [I<keyring>]
B<-kvc> List fingerprints
B<-kvvc> List fingerprints and signatures
B<--list-keys> [I<names>]
B<--list-keys> [I<names>]
List all keys from the public keyrings, or just the
ones given on the command line.
@ -83,7 +83,7 @@ B<--list-secret-keys> [I<names>]
List all keys from the secret keyrings, or just the
ones given on the command line.
B<--list-sigs> [I<names>]
B<--list-sigs> [I<names>]
Same as B<--list-keys>, but the signatures are listed
too.
@ -201,7 +201,7 @@ B<--import-ownertrust> [I<filename>]
Long options can be put in an options file (default F<~/.gnupg/options>);
do not write the 2 dashes, but simply the name of the option and any
arguments if required. Lines with a hash as the first non-white-space
arguments if required. Lines with a hash as the first non-white-space
character are ignored. Commands may be put in this file too, but that
does not make sense.
@ -324,6 +324,26 @@ B<--digest-algo> I<name>
program with the option B<--verbose> yields a list of
supported algorithms.
B<--s2k-cipher-algo> I<name>
Use I<name> as the cipher algorithm used to protect secret
keys. The default cipher is BLOWFISH. This cipher is
also used for conventional encryption if B<--cipher-algo>
is not given.
B<--s2k-digest-algo> I<name>
Use I<name> as the digest algorithm used to mangle the
passphrases. The default algorithm is RIPE-MD-160.
This digest algorithm is also used for conventional
encryption if B<--digest-algo> is not given.
B<--s2k-mode> I<number>
Selects how passphrases are mangled: A number of I<0>
uses the plain passphrase (which is not recommended),
a I<1> (default) adds a salt to the passphrase and
I<3> interates the whole process a couple of times.
Unless -B<--rfc1991> is used, this mode is also used
for conventional encryption.
B<--compress-algo> I<number>
Use compress algorithm I<number>. Default is I<2> which is
RFC1950 compression; you may use I<1> to use the old zlib
@ -333,6 +353,12 @@ B<--compress-algo> I<number>
If this is not used the OpenPGP behaviour is used; i.e.
the compression algorith is selected from the preferences.
B<--digest-algo> I<name>
Use I<name> as message digest algorithm. Running the
program with the option B<--verbose> yields a list of
supported algorithms.
B<--throw-keyid>
Do not put the keyid into encrypted packets. This option
hides the receiver of the message and is a countermeasure
@ -385,11 +411,11 @@ a signature was bad and other errorcode for fatal errors.
=head1 EXAMPLES
-se -r Bob [file] sign and encrypt for user Bob
-sat [file] make a clear text signature
-sb [file] make a detached signature
-k [userid] show keys
-kc [userid] show fingerprint
-se -r Bob [file] sign and encrypt for user Bob
-sat [file] make a clear text signature
-sb [file] make a detached signature
-k [userid] show keys
-kc [userid] show fingerprint
=head1 ENVIRONMENT
@ -404,13 +430,13 @@ F<~/.gnupg/pubring.gpg> The public keyring
F<~/.gnupg/trustdb.gpg> The trust database
F<~/.gnupg/options> May contain options
F<~/.gnupg/options> May contain options
F</usr[/local]/lib/gnupg/> Default location for extensions
=head1 SEE ALSO
gpgm(1) gpgd(1)
gpg(1) gpgm(1)
=head1 WARNINGS

94
g10/ChangeLog
View File

@ -1,21 +1,67 @@
Fri Sep 18 16:50:32 1998 Werner Koch (wk@(none))
Mon Sep 28 12:57:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (verify_own_keys): Add warning if a key is not protected.
* passphrase (hash_passphrase): Fixed iterated+salted mode and
setup for keysizes > hashsize.
* g10.c (main): New options: --s2k-{cipher,digest,mode}.
Fri Sep 25 09:34:23 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c: Chnaged some help texts.
Tue Sep 22 19:34:39 1998 Werner Koch (wk@isil.d.shuttle.de)
* passphrase.c (read_passphrase_from_fd): fixed bug for long
passphrases.
Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none))
* getkey.c (lookup): Add code to use the sub key if the primary one
does not match the usage.
* armor.c (armor_filter): New error message: no valid data found.
(radix64_read): Changes to support multiple messages.
(i18n.h): New.
* mainproc.c (add_onepass_sig): bug fix.
Mon Sep 21 08:03:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkclist.c (do_we_trust): Add keyid to most messages.
* passphrase.c (read_passphrase_from_fd): New.
(have_static_passphrase): New
(get_passphrase_fd): Removed.
(set_passphrase_fd): Removed.
* g10.c (main): passphrase is now read here.
* keyedit.c (keyedit_menu): "help" texts should now translate fine.
Mon Sep 21 06:40:02 1998 Werner Koch (wk@isil.d.shuttle.de)
* encode.c (encode_simple): Now disables compression
when --rfc1991 is used.
(encode_crypt): Ditto.
Fri Sep 18 16:50:32 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (merge_key_and_selfsig): New.
Fri Sep 18 10:20:11 1998 Werner Koch (wk@(none))
Fri Sep 18 10:20:11 1998 Werner Koch (wk@isil.d.shuttle.de)
* pkclist.c (select_algo_from_prefs): Removed 3DEs kludge.
* pkclist.c (select_algo_from_prefs): Removed 3DES kludge.
* seskey.c (make_session_key): Fixed SERIOUS bug introduced
by adding the weak key detection code.
* sign.c (sign_file): Changed aremor header in certain cases.
Tue Sep 15 17:52:55 1998 Werner Koch (wk@(none))
Tue Sep 15 17:52:55 1998 Werner Koch (wk@isil.d.shuttle.de)
* mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp.
Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
Mon Sep 14 11:40:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* seskey.c (make_session_key): Now detects weak keys.
@ -24,17 +70,17 @@ Mon Sep 14 11:40:52 1998 Werner Koch (wk@(none))
* plaintext.c (handle_plaintext): Does no anymore suppress CR from
cleartext signed messages.
Sun Sep 13 12:54:29 1998 Werner Koch (wk@(none))
Sun Sep 13 12:54:29 1998 Werner Koch (wk@isil.d.shuttle.de)
* trustdb.c (insert_trust_record): Fixed a stupid bug in the free
liunked list loops.
Sat Sep 12 15:49:16 1998 Werner Koch (wk@(none))
Sat Sep 12 15:49:16 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (remove_shmid): New.
(init_shm_comprocess): Now sets permission to the real uid.
Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
Wed Sep 9 11:15:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to
implement it.
@ -42,11 +88,11 @@ Wed Sep 9 11:15:03 1998 Werner Koch (wk@(none))
* getkey.c (enum_secret_keys): Add new ar and changed all callers.
Tue Sep 8 20:04:09 1998 Werner Koch (wk@(none))
Tue Sep 8 20:04:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* delkey.c (delete_key): Moved from keyedit.c.
Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none))
Mon Sep 7 16:37:52 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (calc_length_header): New arg new_ctb to correctly
calculate the length of new style packets.
@ -55,7 +101,7 @@ Mon Sep 7 16:37:52 1998 Werner Koch (wk@(none))
* pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5.
Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none))
Tue Aug 11 17:54:50 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (do_secret_key): Fixed handling of old keys.
@ -63,7 +109,7 @@ Tue Aug 11 17:54:50 1998 Werner Koch (wk@(none))
* openfile.c (open_outfile): Changed arguments and all callers.
Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none))
Tue Aug 11 09:14:35 1998 Werner Koch (wk@isil.d.shuttle.de)
* encode.c (encode_simple): Applied option set-filename and comment.
(encode_crypt): Ditto.
@ -87,7 +133,7 @@ Tue Aug 11 09:14:35 1998 Werner Koch (wk@(none))
* status.c (cpr_get_answer_is_yes): add display_help.
Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none))
Mon Aug 10 10:11:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (lookup_sk): Now always returns the primary if arg
primary is true.
@ -96,15 +142,15 @@ Mon Aug 10 10:11:28 1998 Werner Koch (wk@(none))
(get_seckey_byname): Ditto.
Mon Aug 10 08:34:03 1998 Werner Koch (wk@(none))
Mon Aug 10 08:34:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* keyid.c (pubkey_letter): ELG_E is now a small g.
Sat Aug 8 17:26:12 1998 Werner Koch (wk@(none))
Sat Aug 8 17:26:12 1998 Werner Koch (wk@isil.d.shuttle.de)
* openfile (overwrite_filep): Changed semantics and all callers.
Sat Aug 8 12:17:07 1998 Werner Koch (wk@(none))
Sat Aug 8 12:17:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* status.c (display_help): New.
@ -118,7 +164,7 @@ Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold)
secret keyrings and add additional warning in case of
a failed secret keyring operation.
Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none))
Wed Aug 5 11:54:37 1998 Werner Koch (wk@isil.d.shuttle.de)
* g10.c (check_opts): Moved to main. Changed def_cipher_algo
semantics and chnaged all users.
@ -131,7 +177,7 @@ Wed Aug 5 11:54:37 1998 Werner Koch (wk@(none))
* build-packet.c (do_secret_key): Ditto.
(do_symkey_enc): Ditto.
Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none))
Tue Aug 4 08:59:10 1998 Werner Koch (wk@isil.d.shuttle.de)
* getkey.c (enum_secret_keys): Now returns only primary keys.
@ -142,36 +188,36 @@ Tue Aug 4 08:59:10 1998 Werner Koch (wk@(none))
* sign.c (sign_file): one-pass sigs are now emiited reverse.
Preference data is considered when selecting the compress algo.
Wed Jul 29 12:53:03 1998 Werner Koch (wk@(none))
Wed Jul 29 12:53:03 1998 Werner Koch (wk@isil.d.shuttle.de)
* free-packet.c (copy_signature): New.
* keygen.c (generate_subkeypair): rewritten
* g10.c (aKeyadd): Removed option --add-key
Mon Jul 27 10:37:28 1998 Werner Koch (wk@(none))
Mon Jul 27 10:37:28 1998 Werner Koch (wk@isil.d.shuttle.de)
* seckey-cert.c (do_check): Additional check on cipher blocksize.
(protect_secret_key): Ditto.
* encr-data.c: Support for other blocksizes.
* cipher.c (write_header): Ditto.
Fri Jul 24 16:47:59 1998 Werner Koch (wk@(none))
Fri Jul 24 16:47:59 1998 Werner Koch (wk@isil.d.shuttle.de)
* kbnode.c (insert_kbnode): Changed semantics and all callers.
* keyedit.c : More or less a complete rewrite
Wed Jul 22 17:10:04 1998 Werner Koch (wk@(none))
Wed Jul 22 17:10:04 1998 Werner Koch (wk@isil.d.shuttle.de)
* build-packet.c (write_sign_packet_header): New.
Tue Jul 21 14:37:09 1998 Werner Koch (wk@(none))
Tue Jul 21 14:37:09 1998 Werner Koch (wk@isil.d.shuttle.de)
* import.c (import_one): Now creates a trustdb record.
* g10.c (main): New command --check-trustdb
Mon Jul 20 11:15:07 1998 Werner Koch (wk@(none))
Mon Jul 20 11:15:07 1998 Werner Koch (wk@isil.d.shuttle.de)
* genkey.c (generate_keypair): Default key is now DSA with
encryption only ElGamal subkey.

2
g10/Makefile.am
View File

@ -71,6 +71,8 @@ gpgm_SOURCES = dearmor.c \
#gpgd_SOURCES = gpgd.c \
# ks-proto.h \
# ks-proto.c \
# ks-db.c \
# ks-db.h \
# $(common_source)

2
g10/OPTIONS
View File

@ -49,7 +49,7 @@ compress-sigs
run-as-shm-coprocess [request-locked-shm-size]
# very special :-)
# You will have to use "--status-fd" too
# Note: This option dioes only work if given on the command line.
set-filename <name>
# Set <name> as the filename into the plaintext packet

48
g10/armor.c
View File

@ -34,6 +34,7 @@
#include "options.h"
#include "main.h"
#include "status.h"
#include "i18n.h"
#define CRCINIT 0xB704CE
@ -51,7 +52,7 @@ static int is_initialized;
typedef enum {
fhdrHASArmor,
fhdrHASArmor = 0,
fhdrNOArmor,
fhdrINIT,
fhdrINITCont,
@ -331,12 +332,12 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( buf[n-1] == '\r' )
buf[--n] = 0;
if( opt.verbose ) {
log_info("armor header: ");
log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
}
if( clearsig && !(hashes=parse_hash_header( buf )) ) {
log_error("invalid clearsig header\n");
log_error(_("invalid clearsig header\n"));
state = fhdrERROR;
}
else {
@ -362,7 +363,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
}
}
else {
log_error("invalid armor header: ");
log_error(_("invalid armor header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@ -371,7 +372,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
else if( c != -1 ) {
if( strchr( buf, ':') ) { /* buffer to short, but this is okay*/
if( opt.verbose ) {
log_info("armor header: ");
log_info(_("armor header: "));
print_string( stderr, buf, n, 0 );
fputs("[...]\n", stderr); /* indicate it is truncated */
}
@ -436,7 +437,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
if( hdr_line == BEGIN_SIGNED_MSG_IDX )
clearsig = 1;
if( opt.verbose > 1 )
log_info("armor: %s\n", head_strings[hdr_line]);
log_info(_("armor: %s\n"), head_strings[hdr_line]);
break;
case fhdrCLEARSIG:
@ -480,7 +481,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
fhdrREADClearsig : fhdrTESTSpaces;
}
else {
log_error("invalid dash escaped line: ");
log_error(_("invalid dash escaped line: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@ -549,7 +550,7 @@ find_header( fhdr_state_t state, byte *buf, size_t *r_buflen,
} break;
case fhdrERRORShow:
log_error("invalid clear text header: ");
log_error(_("invalid clear text header: "));
print_string( stderr, buf, n, 0 );
putc('\n', stderr);
state = fhdrERROR;
@ -779,7 +780,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
}
else if( (c = asctobin[(c2=c)]) == 255 ) {
log_error("invalid radix64 character %02x skipped\n", c2);
log_error(_("invalid radix64 character %02x skipped\n"), c2);
continue;
}
switch(idx) {
@ -797,7 +798,10 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
afx->idx = idx;
afx->radbuf[0] = val;
if( checkcrc ) {
afx->inp_eof = 1; /*assume eof */
afx->any_data = 1;
afx->inp_checked=0;
afx->faked = 0;
afx->parse_state = 0;
for(;;) { /* skip lf and pad characters */
if( afx->helpidx < afx->helplen )
c = afx->helpbuf[afx->helpidx++];
@ -809,7 +813,7 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
}
if( c == -1 )
log_error("premature eof (no CRC)\n");
log_error(_("premature eof (no CRC)\n"));
else {
u32 mycrc = 0;
idx = 0;
@ -828,15 +832,15 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
break;
} while( ++idx < 4 );
if( c == -1 ) {
log_error("premature eof (in CRC)\n");
log_error(_("premature eof (in CRC)\n"));
rc = G10ERR_INVALID_ARMOR;
}
else if( idx != 4 ) {
log_error("malformed CRC\n");
log_error(_("malformed CRC\n"));
rc = G10ERR_INVALID_ARMOR;
}
else if( mycrc != afx->crc ) {
log_error("CRC error; %06lx - %06lx\n",
log_error(_("CRC error; %06lx - %06lx\n"),
(ulong)afx->crc, (ulong)mycrc);
rc = G10ERR_INVALID_ARMOR;
}
@ -855,11 +859,11 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
if( rc == -1 )
rc = 0;
else if( rc == 2 ) {
log_error("premature eof (in Trailer)\n");
log_error(_("premature eof (in Trailer)\n"));
rc = G10ERR_INVALID_ARMOR;
}
else {
log_error("error in trailer line\n");
log_error(_("error in trailer line\n"));
rc = G10ERR_INVALID_ARMOR;
}
#endif
@ -874,7 +878,6 @@ radix64_read( armor_filter_context_t *afx, IOBUF a, size_t *retn,
return rc;
}
/****************
* This filter is used to handle the armor stuff
*/
@ -914,13 +917,6 @@ armor_filter( void *opaque, int control,
if( size < 15+(4*15) ) /* need space for up to 4 onepass_sigs */
BUG(); /* supplied buffer too short */
if( afx->inp_eof ) {
*ret_len = 0;
if( DBG_FILTER )
log_debug("armor-filter: eof due to inp_eof flag\n" );
return -1;
}
if( afx->faked )
rc = fake_packet( afx, a, &n, buf, size );
else if( !afx->inp_checked ) {
@ -1021,7 +1017,7 @@ armor_filter( void *opaque, int control,
}
else
iobuf_writestr(a,
"Comment: Get GNUPG from ftp://ftp.guug.de/pub/gcrypt/\n");
"Comment: For info finger gcrypt@ftp.guug.de\n");
if( afx->hdrlines )
iobuf_writestr(a, afx->hdrlines);
iobuf_put(a, '\n');
@ -1120,6 +1116,8 @@ armor_filter( void *opaque, int control,
iobuf_writestr(a, tail_strings[afx->what] );
iobuf_writestr(a, "-----\n");
}
else if( !afx->any_data && !afx->inp_bypass )
log_error(_("no valid RFC1991 or OpenPGP data found.\n"));
}
else if( control == IOBUFCTRL_DESC )
*(char**)buf = "armor_filter";

16
g10/encode.c
View File

@ -76,6 +76,7 @@ encode_simple( const char *filename, int mode )
cipher_filter_context_t cfx;
armor_filter_context_t afx;
compress_filter_context_t zfx;
int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@ -92,12 +93,12 @@ encode_simple( const char *filename, int mode )
cfx.dek = NULL;
if( mode ) {
s2k = m_alloc_clear( sizeof *s2k );
s2k->mode = opt.rfc1991? 0:1;
s2k->mode = opt.rfc1991? 0:opt.s2k_mode;
s2k->hash_algo = opt.def_digest_algo ? opt.def_digest_algo
: DEFAULT_DIGEST_ALGO;
: opt.s2k_digest_algo;
cfx.dek = passphrase_to_dek( NULL,
opt.def_cipher_algo ? opt.def_cipher_algo
: DEFAULT_CIPHER_ALGO , s2k, 2 );
: opt.s2k_cipher_algo , s2k, 2 );
if( !cfx.dek || !cfx.dek->keylen ) {
rc = G10ERR_PASSPHRASE;
m_free(cfx.dek);
@ -158,13 +159,13 @@ encode_simple( const char *filename, int mode )
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
cfx.datalen = filesize && !opt.compress ? calc_packet_length( &pkt ) : 0;
cfx.datalen = filesize && !do_compress ? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */
if( mode )
iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */
if( opt.compress )
if( do_compress )
iobuf_push_filter( out, compress_filter, &zfx );
/* do the work */
@ -197,6 +198,7 @@ encode_crypt( const char *filename, STRLIST remusr )
armor_filter_context_t afx;
compress_filter_context_t zfx;
PK_LIST pk_list;
int do_compress = opt.compress && !opt.rfc1991;
memset( &cfx, 0, sizeof cfx);
memset( &afx, 0, sizeof afx);
@ -270,12 +272,12 @@ encode_crypt( const char *filename, STRLIST remusr )
pt->buf = inp;
pkt.pkttype = PKT_PLAINTEXT;
pkt.pkt.plaintext = pt;
cfx.datalen = filesize && !opt.compress? calc_packet_length( &pkt ) : 0;
cfx.datalen = filesize && !do_compress? calc_packet_length( &pkt ) : 0;
/* register the cipher filter */
iobuf_push_filter( out, cipher_filter, &cfx );
/* register the compress filter */
if( opt.compress ) {
if( do_compress ) {
int compr_algo = select_algo_from_prefs( pk_list, PREFTYPE_COMPR );
if( !compr_algo )
; /* don't use compression */

2
g10/filter.h
View File

@ -42,7 +42,7 @@ typedef struct {
int parse_state;
int inp_checked; /* set if inp has been checked */
int inp_bypass; /* set if the input is not armored */
int inp_eof;
int any_data;
const char *hdrlines;
} armor_filter_context_t;

116
g10/g10.c
View File

@ -135,6 +135,9 @@ enum cmd_and_opt_values { aNull = 0,
oSetFilename,
oComment,
oThrowKeyid,
oS2KMode,
oS2KDigest,
oS2KCipher,
aTest };
@ -212,6 +215,11 @@ static ARGPARSE_OPTS opts[] = {
{ oMarginalsNeeded, "marginals-needed", 1, N_("(default is 3)")},
{ oLoadExtension, "load-extension" ,2, N_("|file|load extension module")},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oS2KMode, "s2k-mode", 1, N_("|N| use passphrase mode N")},
{ oS2KDigest, "s2k-digest-algo",2,
N_("|NAME| use message digest algorithm NAME for passphrases")},
{ oS2KCipher, "s2k-cipher-algo",2,
N_("|NAME| use cipher algorithm NAME for passphrases")},
#ifdef IS_G10
{ oCipherAlgo, "cipher-algo", 2 , N_("|NAME|use cipher algorithm NAME")},
{ oDigestAlgo, "digest-algo", 2 , N_("|NAME|use message digest algorithm NAME")},
@ -226,10 +234,10 @@ static ARGPARSE_OPTS opts[] = {
#ifdef IS_G10
{ 302, NULL, 0, N_("@\nExamples:\n\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n"
" -sb [file] make a detached signature\n"
" -k [userid] show keys\n"
" -kc [userid] show fingerprint\n" ) },
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprints\n" ) },
#endif
/* hidden options */
@ -472,11 +480,15 @@ main( int argc, char **argv )
const char *trustdb_name = NULL;
char *def_cipher_string = NULL;
char *def_digest_string = NULL;
char *s2k_cipher_string = NULL;
char *s2k_digest_string = NULL;
int pwfd = -1;
#ifdef USE_SHM_COPROCESSING
ulong requested_shm_size=0;
#endif
trap_unaligned();
secmem_set_flags( secmem_get_flags() | 2 ); /* suspend warnings */
#ifdef IS_G10MAINT
secmem_init( 0 ); /* disable use of secmem */
maybe_setuid = 0;
@ -497,6 +509,9 @@ main( int argc, char **argv )
opt.def_cipher_algo = 0;
opt.def_digest_algo = 0;
opt.def_compress_algo = 2;
opt.s2k_mode = 1; /* salted */
opt.s2k_digest_algo = DIGEST_ALGO_RMD160;
opt.s2k_cipher_algo = CIPHER_ALGO_BLOWFISH;
opt.completes_needed = 1;
opt.marginals_needed = 3;
opt.homedir = getenv("GNUPGHOME");
@ -527,8 +542,34 @@ main( int argc, char **argv )
default_config = 0; /* --no-options */
else if( pargs.r_opt == oHomedir )
opt.homedir = pargs.r.ret_str;
#ifdef USE_SHM_COPROCESSING
else if( pargs.r_opt == oRunAsShmCP ) {
/* does not make sense in a options file, we do it here,
* so that we are the able to drop setuid as soon as possible */
opt.shm_coprocess = 1;
requested_shm_size = pargs.r.ret_ulong;
}
#endif
}
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
if( default_config )
configname = make_filename(opt.homedir, "options", NULL );
@ -550,7 +591,7 @@ main( int argc, char **argv )
else {
log_error(_("option file '%s': %s\n"),
configname, strerror(errno) );
g10_exit(1);
g10_exit(2);
}
m_free(configname); configname = NULL;
}
@ -654,16 +695,18 @@ main( int argc, char **argv )
case oDoNotExportRSA: opt.do_not_export_rsa = 1; break;
case oCompressSigs: opt.compress_sigs = 1; break;
case oRunAsShmCP:
#ifdef USE_SHM_COPROCESSING
opt.shm_coprocess = 1;
requested_shm_size = pargs.r.ret_ulong;
#else
#ifndef USE_SHM_COPROCESSING
/* not possible in the option file,
* but we print the warning here anyway */
log_error("shared memory coprocessing is not available\n");
#endif
break;
case oSetFilename: opt.set_filename = pargs.r.ret_str; break;
case oComment: opt.comment_string = pargs.r.ret_str; break;
case oThrowKeyid: opt.throw_keyid = 1; break;
case oS2KMode: opt.s2k_mode = pargs.r.ret_int; break;
case oS2KDigest: s2k_digest_string = m_strdup(pargs.r.ret_str); break;
case oS2KCipher: s2k_cipher_string = m_strdup(pargs.r.ret_str); break;
#ifdef IS_G10
case oRemote: /* store the remote users */
@ -680,7 +723,7 @@ main( int argc, char **argv )
locusr = sl;
break;
case oCompress: opt.compress = pargs.r.ret_int; break;
case oPasswdFD: set_passphrase_fd( pargs.r.ret_int ); break;
case oPasswdFD: pwfd = pargs.r.ret_int; break;
case oCipherAlgo: def_cipher_string = m_strdup(pargs.r.ret_str); break;
case oDigestAlgo: def_digest_string = m_strdup(pargs.r.ret_str); break;
case oNoSecmemWarn: secmem_set_flags( secmem_get_flags() | 1 ); break;
@ -709,22 +752,7 @@ main( int argc, char **argv )
tty_printf("%s\n", strusage(15) );
}
#ifdef USE_SHM_COPROCESSING
if( opt.shm_coprocess ) {
#ifdef IS_G10
init_shm_coprocessing(requested_shm_size, 1 );
#else
init_shm_coprocessing(requested_shm_size, 0 );
#endif
}
#endif
#ifdef IS_G10
/* initialize the secure memory. */
secmem_init( 16384 );
maybe_setuid = 0;
/* Okay, we are now working under our real uid */
#endif
secmem_set_flags( secmem_get_flags() & ~2 ); /* resume warnings */
set_debug();
@ -742,12 +770,29 @@ main( int argc, char **argv )
if( check_digest_algo(opt.def_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( s2k_cipher_string ) {
opt.s2k_cipher_algo = string_to_cipher_algo(s2k_cipher_string);
m_free(s2k_cipher_string); s2k_cipher_string = NULL;
if( check_cipher_algo(opt.s2k_cipher_algo) )
log_error(_("selected cipher algorithm is invalid\n"));
}
if( s2k_digest_string ) {
opt.s2k_digest_algo = string_to_digest_algo(s2k_digest_string);
m_free(s2k_digest_string); s2k_digest_string = NULL;
if( check_digest_algo(opt.s2k_digest_algo) )
log_error(_("selected digest algorithm is invalid\n"));
}
if( opt.def_compress_algo < 1 || opt.def_compress_algo > 2 )
log_error(_("compress algorithm must be in range %d..%d\n"), 1, 2);
if( opt.completes_needed < 1 )
log_error(_("completes-needed must be greater than 0\n"));
if( opt.marginals_needed < 2 )
log_error(_("marginals-needed must be greater than 1\n"));
switch( opt.s2k_mode ) {
case 0: case 1: case 3: break;
default:
log_error(_("invalid S2K mode; must be 0, 1 or 3\n"));
}
if( log_get_errorcount(0) )
g10_exit(2);
@ -795,20 +840,11 @@ main( int argc, char **argv )
FREE_STRLIST(nrings);
FREE_STRLIST(sec_nrings);
if( argc )
fname = *argv;
else {
fname = NULL;
if( get_passphrase_fd() == 0 ) {
/* reading data and passphrase from stdin:
* we assume the first line is the passphrase, so
* we should read it now.
*
* We should do it here, but for now it is not needed.
* Anyway, this password scheme is not quite good
*/
}
}
if( pwfd != -1 ) /* read the passphrase now. */
read_passphrase_from_fd( pwfd );
fname = argc? *argv : NULL;
switch( cmd ) {
case aPrimegen:

27
g10/getkey.c
View File

@ -31,6 +31,7 @@
#include "keydb.h"
#include "options.h"
#include "main.h"
#include "i18n.h"
#define MAX_PK_CACHE_ENTRIES 500
@ -789,9 +790,6 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
}
}
else { /* keyid or fingerprint lookup */
/* No need to compare the usage here, as we already have the
* keyid to use
*/
if( DBG_CACHE && (mode== 10 || mode==11) ) {
log_debug("lookup keyid=%08lx%08lx req_algo=%d mode=%d\n",
(ulong)keyid[0], (ulong)keyid[1],
@ -867,6 +865,29 @@ lookup( PKT_public_key *pk, int mode, u32 *keyid,
merge_one_pk_and_selfsig( keyblock, keyblock );
}
else {
if( primary && pk->pubkey_usage
&& check_pubkey_algo2( k->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ) == G10ERR_WR_PUBKEY_ALGO ) {
/* if the usage is not correct, try to use a subkey */
KBNODE save_k = k;
for( ; k; k = k->next ) {
if( k->pkt->pkttype == PKT_PUBLIC_SUBKEY
&& !check_pubkey_algo2(
k->pkt->pkt.public_key->pubkey_algo,
pk->pubkey_usage ) )
break;
}
if( !k )
k = save_k;
else
log_info(_("using secondary key %08lX "
"instead of primary key %08lX\n"),
(ulong)keyid_from_pk( k->pkt->pkt.public_key, NULL),
(ulong)keyid_from_pk( save_k->pkt->pkt.public_key, NULL)
);
}
copy_public_key_new_namehash( pk, k->pkt->pkt.public_key,
use_namehash? namehash:NULL);
merge_one_pk_and_selfsig( keyblock, k );

9
g10/gpgd.c
View File

@ -18,6 +18,15 @@
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
/****************
* This is a spinning server for most purposes, the server does only
* fork for updates (which may require signature checks and lengthy DB
* operations).
*
* see ks-proto.c for the used protocol.
* see ks-db.c for the layout of the database.
*/
#include <config.h>
#include <stdio.h>
#include <errno.h>

15
g10/import.c
View File

@ -459,7 +459,7 @@ import_secret_one( const char *fname, KBNODE keyblock )
_("can't lock secret keyring: %s\n"), g10_errstr(rc) );
else if( (rc=insert_keyblock( &kbpos, keyblock )) )
log_error_f(keyblock_resource_name(&kbpos),
_("can't write keyring\n"), g10_errstr(rc) );
_("can't write keyring: %s\n"), g10_errstr(rc) );
unlock_keyblock( &kbpos );
/* we are ready */
log_info_f(fname, _("key %08lX: secret key imported\n"), (ulong)keyid[1]);
@ -655,16 +655,17 @@ delete_inv_parts( const char *fname, KBNODE keyblock, u32 *keyid )
else if( node->pkt->pkttype == PKT_SIGNATURE
&& node->pkt->pkt.signature->sig_class == 0x20 ) {
if( uid_seen ) {
log_error_f(fname, _("key %08lX: revocation certificate at wrong "
"place - skipped\n"), fname, (ulong)keyid[1]);
log_error_f(fname, _("key %08lX: revocation certificate "
"at wrong place - skipped\n"),
(ulong)keyid[1]);
delete_kbnode( node );
}
else {
int rc = check_key_signature( keyblock, node, NULL);
if( rc ) {
log_error_f(fname, _("key %08lX: invalid revocation certificate"
": %s - skipped\n"),
fname, (ulong)keyid[1], g10_errstr(rc));
log_error_f(fname, _("key %08lX: invalid revocation "
"certificate: %s - skipped\n"),
(ulong)keyid[1], g10_errstr(rc));
delete_kbnode( node );
}
}
@ -788,7 +789,7 @@ append_uid( KBNODE keyblock, KBNODE node, int *n_sigs,
/* at lease a self signature comes next to the user-id */
if( node->next->pkt->pkttype == PKT_USER_ID ) {
log_error_f(fname, _("key %08lX: our copy has no self-signature\n"),
fname, (ulong)keyid[1]);
(ulong)keyid[1]);
return G10ERR_GENERAL;
}

4
g10/keydb.h
View File

@ -99,8 +99,8 @@ int build_sk_list( STRLIST locusr, SK_LIST *ret_sk_list,
int unlock, unsigned usage );
/*-- passphrase.h --*/
void set_passphrase_fd( int fd );
int get_passphrase_fd(void);
int have_static_passphrase(void);
void read_passphrase_from_fd( int fd );
DEK *passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode);
void set_next_passphrase( const char *s );
char *get_last_passphrase(void);

12
g10/keyedit.c
View File

@ -199,7 +199,6 @@ check_all_keysigs( KBNODE keyblock, int only_selected )
}
/****************
* Loop over all locusr and and sign the uids after asking.
* If no user id is marked, all user ids will be signed;
@ -259,10 +258,9 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified )
(ulong)sk_keyid[1] );
continue;
}
/* Ask whether we realy should sign these user id(s) */
/* Ask whether we really should sign these user id(s) */
tty_printf("\n");
show_key_with_all_names( keyblock, 1, 1, 0, 0 );
tty_printf("\n");
tty_printf(_(
"Are you really sure that you want to sign this key\n"
"with your key: \""));
@ -372,9 +370,9 @@ change_passphrase( KBNODE keyblock )
set_next_passphrase( NULL );
for(;;) {
s2k->mode = 1;
s2k->hash_algo = DIGEST_ALGO_RMD160;
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n"));
}
@ -556,7 +554,7 @@ keyedit_menu( const char *username, STRLIST locusr )
if( cmds[i].need_sk && !sec_keyblock )
; /* skip if we do not have the secret key */
else if( cmds[i].desc )
tty_printf("%-10s %s\n", cmds[i].name, cmds[i].desc );
tty_printf("%-10s %s\n", cmds[i].name, _(cmds[i].desc) );
}
break;

12
g10/keygen.c
View File

@ -687,9 +687,9 @@ ask_passphrase( STRING2KEY **ret_s2k )
s2k = m_alloc_secure( sizeof *s2k );
for(;;) {
s2k->mode = 1;
s2k->hash_algo = DIGEST_ALGO_RMD160;
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo;
dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
if( !dek ) {
tty_printf(_("passphrase not correctly repeated; try again.\n"));
}
@ -970,10 +970,10 @@ generate_subkeypair( KBNODE pub_keyblock, KBNODE sec_keyblock )
if( passphrase ) {
s2k = m_alloc_secure( sizeof *s2k );
s2k->mode = 1;
s2k->hash_algo = DIGEST_ALGO_RMD160;
s2k->mode = opt.s2k_mode;
s2k->hash_algo = opt.s2k_digest_algo;
set_next_passphrase( passphrase );
dek = passphrase_to_dek( NULL, CIPHER_ALGO_BLOWFISH, s2k, 2 );
dek = passphrase_to_dek( NULL, opt.s2k_cipher_algo, s2k, 2 );
}
rc = do_create( algo, nbits, pub_keyblock, sec_keyblock,

305
g10/ks-proto.c
View File

@ -42,245 +42,114 @@
* X-Key-MTime: <last modification time>
* X-Key-LID: <local_key_id_used_for_update_etc>
* [fixme: is X-.... allowed?]
*
*/
#include <config.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include "util.h"
#include "ks-proto.h"
#if 0
/****************
* Read a protocol line
*/
static int
read_line( FILE *fp )
do_read( int fd, char *buffer, size_t bufsize, int *ret_nread )
{
return -1;
int n;
fd_set rfds;
struct timeval tv;
int rc;
*ret_nread = 0;
do {
FD_ZERO(&rfds);
FD_SET(fd, &rfds);
tv.tv_sec = 1;
tv.tv_usec = 0;
if( !(rc=select(fd+1, &rfds, NULL, NULL, &tv)) )
return 0; /* timeout */
if( rc == -1 ) {
log_error("select() error: %s\n", strerror(errno));
return -1;
}
do {
n = read(fd, buffer, bufsize );
if( n >= 0 && n > bufsize )
log_bug("bogus read from fd %d (n=%d)\n", fd, n );
} while( n == -1 && errno == EINTR );
if( n == -1 ) {
log_error("read error on fd %d: %s\n", fd, strerror(errno) );
return -1;
}
} while( !n );
*ret_nread = n;
return 0;
}
/****************
* Send a HKP request
*/
int
hkp_request( int operation, const char *user_id )
{
}
/************************************************
******* client communication stuff ************
************************************************/
/****************
* Initialisieren des clients
* Es wird ein Handle zurückgegeben oder -1 bei einem fehler.
* z.Z. ist nut eine Verbindung gleichzeitig möglich.
* Wenn einer serverpid von 0 angegeben wird, so wird diese
* der environment variabeln ATEXDB_PID entnommen.
*/
int
hkp_open( const char *serverurl )
ks_get_request( int fd, KS_TRANS *req )
{
const char *s;
char *p, *p2, buf[500];
int nread, n;
int state = 0;
s = SERVER_NAME_TEMPLATE;
client.serv_name = xmalloc(strlen(s) + 10 );
sprintf(client.serv_name,s, serverpid );
if( opt.verbose )
Info("Using unix domain stream '%s'", client.serv_name );
req->err = 0;
req->data = NULL;
while( !do_read( fd, buf, DIM(buf)-1, &nread ) {
p = buf;
if( !state ) {
/* replace the trailing LF with a 0 */
for(p2=p,n=0; n < nread && *p2 != '\n'; p2++ )
;
if( *p2 != '\n' ) {
req->err = KS_ERR_REQ_TOO_LONG;
break;
}
*p2++ = 0;
n++;
memset( &client.serv_addr, 0, sizeof client.serv_addr );
client.serv_addr.sun_family = AF_UNIX;
strcpy( client.serv_addr.sun_path, client.serv_name );
client.serv_addr_len = strlen(client.serv_addr.sun_path)
+ sizeof client.serv_addr.sun_family;
client.sockfd = -1;
if( DoCheckVersion() )
return -1;
return 0;
}
static int
DoConnect()
{
if( client.sockfd != -1 )
DoDisconnect();
if( (client.sockfd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1 ) {
Error(1000,"can't open unix domain socket");
return 1;
}
if( connect(client.sockfd, (struct sockaddr*)&client.serv_addr,
client.serv_addr_len) == -1 ) {
Error(1000,"can't connect to '%s'",client.serv_addr.sun_path);
return 1;
}
return 0; /* okay */
}
static int
DoDisconnect()
{
if( client.sockfd != -1 ) {
close(client.sockfd);
client.sockfd = -1;
}
return 0; /* okay */
}
/****************
* NBYTES auf den aktuellen stream schreiben.
*/
static int
DoWrite( void *buf, size_t nbytes )
{
size_t nleft = nbytes;
ssize_t nwritten;
while( nleft > 0 ) {
/* FIXME: add EINTR handling */
nwritten = write(client.sockfd, buf, nleft);
if( nwritten < 0 ) {
Error(1000,"error writing to server");
return -1;
/* now look at the request. Note that the isspace() will work
* because there is still a CR before the 0 */
if( (p[0] == 'G' || p[0] == 'g')
&& (p[1] == 'E' || p[1] == 'e')
&& (p[2] == 'T' || p[2] == 't') && isspace( p[3] ) ) {
req->cmd = KS_REQ_GET;
p += 4;
}
else if( (p[0] == 'H' || p[0] == 'h')
&& (p[1] == 'E' || p[1] == 'e')
&& (p[2] == 'A' || p[2] == 'a')
&& (p[3] == 'D' || p[3] == 'd') && isspace( p[4] ) ) {
req->cmd = KS_REQ_HEAD;
p += 5;
}
else if( (p[0] == 'H' || p[0] == 'h')
&& (p[1] == 'E' || p[1] == 'e')
&& (p[2] == 'L' || p[2] == 'l')
&& (p[3] == 'P' || p[3] == 'p') && isspace( p[4] ) ) {
req->cmd = KS_REQ_HELP;
p += 5;
}
else
req->cmd = KS_REQ_UNKNOWN;
/* skip spaces, store args and remaining data */
while( *p == ' ' || *p == '\t' )
p++;
/* fixme: remove trailing blanks from args */
req->args = p;
p = p2; /* p now points to the remaining n bytes in the buffer */
state = 1;
}
nleft -= nwritten;
buf = (char*)buf + nwritten;
}
return 0;
}
static int
DoWriteStr( const char *s )
{
return DoWrite((char *)s, strlen(s) );
}
static int
DoRead( void *buf, size_t buflen, size_t *ret_nread, int stop)
{
size_t nleft = buflen;
int nread;
char *p;
p = buf;
while( nleft > 0 ) {
/* FIXME: add EINTR handling */
nread = read(client.sockfd, buf, stop? 1 : nleft);
if( nread < 0 ) {
Error(1000,"error reading from server");
return -1;
if( state == 1 ) {
/* read the option lines */
}
else if( !nread )
break; /* EOF */
nleft -= nread;
buf = (char*)buf + nread;
if( stop )
for(; p < (char*)buf ; p++ )
if( *p == '\n' )
goto leave;
}
leave:
if( ret_nread )
*ret_nread = buflen - nleft;
return 0;
}
/****************
* Like DoRead(), but append the received data to the given strgbuf.
* read a maximum of nbytes;
*/
static int
DoReadIntoStrgbuf( strgbuf_t *strgbuf, size_t nbytes, size_t *ret_nread)
{
size_t ntotal, nleft;
int nread;
byte *p, buffer[1000];
ntotal = 0;
nleft = nbytes;
while( nleft ) {
nread = read(client.sockfd, buffer,
nleft > DIM(buffer)? DIM(buffer) : nleft);
if( nread < 0 ) {
Error(1000,"error reading from server");
return -1;
}
else if( !nread )
break; /* EOF */
nleft -= nread;
ntotal += nread;
/* ab in den stringbuffer */
for(p=buffer; nread; nread--, p++ )
PutStrgbuf(strgbuf, *p );
}
if( ret_nread )
*ret_nread = ntotal;
return 0;
}
/****************
* In retval wird das numerische argument nach OK zurückgegeben
*/
static int
DoRequest( char *request, long *retval )
{
if( DoWrite(request, strlen(request)) )
return -1;
return DoWaitReply( retval );
}
static int
DoWaitReply( long *retval )
{
char *p, buf[200]; /* enough room for messages */
size_t nread;
/* read but stop at the first newline */
if( DoRead(buf, DIM(buf)-2, &nread, 1 ) )
return -1;
buf[DIM(buf)-1] = 0;
/* fixme: should check, that we have the linefeed and otherwise
* perform a dummy read */
if( p = strchr(buf, '\n') )
*p = 0;
if( *buf == 'O' && buf[1] == 'K' && (buf[2]==' ' || !buf[2]) ) {
if( retval )
*retval = buf[2]? strtol(buf+3, NULL, 10 ):0;
return 0;
}
Error(0, "Server replied: %.60s", buf );
return -1;
}
#endif

4
g10/mainproc.c
View File

@ -88,8 +88,10 @@ add_onepass_sig( CTX c, PACKET *pkt )
if( c->list->pkt->pkttype != PKT_ONEPASS_SIG ) {
log_error("add_onepass_sig: another packet is in the way\n");
release_list( c );
c->list = new_kbnode( pkt );
}
add_kbnode( c->list, new_kbnode( pkt ));
else
add_kbnode( c->list, new_kbnode( pkt ));
}
else /* insert the first one */
c->list = node = new_kbnode( pkt );

3
g10/options.h
View File

@ -55,6 +55,9 @@ struct {
const char *set_filename;
const char *comment_string;
int throw_keyid;
int s2k_mode;
int s2k_digest_algo;
int s2k_cipher_algo;
} opt;

3
g10/parse-packet.c
View File

@ -1068,6 +1068,9 @@ parse_key( IOBUF inp, int pkttype, unsigned long pktlen,
}
sk->protect.s2k.count = iobuf_get(inp);
pktlen--;
if( list_mode )
printf("\tprotect count: %lu\n",
(ulong)sk->protect.s2k.count);
}
}
else { /* old version; no S2K, so we set mode to 0, hash MD5 */

140
g10/passphrase.c
View File

@ -34,22 +34,16 @@
#include "i18n.h"
#include "status.h"
static int pwfd = -1;
static char *fd_passwd = NULL;
static char *next_pw = NULL;
static char *last_pw = NULL;
static void hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create );
void
set_passphrase_fd( int fd )
{
pwfd = fd;
}
int
get_passphrase_fd()
have_static_passphrase()
{
return pwfd;
return !!fd_passwd;
}
/****************
@ -81,6 +75,36 @@ get_last_passphrase()
}
void
read_passphrase_from_fd( int fd )
{
int i, len;
char *pw;
if( !opt.batch )
tty_printf("Reading passphrase from file descriptor %d ...", fd );
for( pw = NULL, i = len = 100; ; i++ ) {
if( i >= len-1 ) {
char *pw2 = pw;
len += 100;
pw = m_alloc_secure( len );
if( pw2 )
memcpy(pw, pw2, i );
else
i=0;
}
if( read( fd, pw+i, 1) != 1 || pw[i] == '\n' )
break;
}
pw[i] = 0;
if( !opt.batch )
tty_printf("\b\b\b \n" );
m_free( fd_passwd );
fd_passwd = pw;
}
/****************
* Get a passphrase for the secret key with KEYID, display TEXT
* if the user needs to enter the passphrase.
@ -140,26 +164,9 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
pw = next_pw;
next_pw = NULL;
}
else if( pwfd != -1 ) { /* read the passphrase from the file */
int i, len;
if( !opt.batch )
tty_printf("Reading from file descriptor %d ...", pwfd );
for( pw = NULL, i = len = 100; ; i++ ) {
if( i >= len-1 ) {
char *pw2 = pw;
len += 100;
pw = m_alloc_secure( len );
if( pw2 )
memcpy(pw, pw2, i );
i=0;
}
if( read( pwfd, pw+i, 1) != 1 || pw[i] == '\n' )
break;
}
pw[i] = 0;
if( !opt.batch )
tty_printf("\b\b\b \n" );
else if( fd_passwd ) {
pw = m_alloc_secure( strlen(fd_passwd)+1 );
strcpy( pw, fd_passwd );
}
else if( opt.batch )
log_fatal("Can't query password in batchmode\n");
@ -192,54 +199,69 @@ passphrase_to_dek( u32 *keyid, int cipher_algo, STRING2KEY *s2k, int mode )
/****************
* Hash a passphrase using the supplied s2k. If create is true, create
* a new salt or whatelse must be filled into the s2k for a new key.
* a new salt or what else must be filled into the s2k for a new key.
* always needs: dek->algo, s2k->mode, s2k->hash_algo.
*/
static void
hash_passphrase( DEK *dek, char *pw, STRING2KEY *s2k, int create )
{
MD_HANDLE md;
int pass, i;
int used = 0;
int pwlen = strlen(pw);
assert( s2k->hash_algo );
dek->keylen = 0;
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
if( !(dek->keylen > 0 && dek->keylen <= DIM(dek->key)) )
BUG();
md = md_open( s2k->hash_algo, 1);
if( s2k->mode == 1 || s2k->mode == 3 ) {
ulong count = 0;
int len = strlen(pw);
int len2 = len + 8;
if( create )
randomize_buffer(s2k->salt, 8, 1);
if( s2k->mode == 3 ) {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
log_debug("s2k iteration count=%lu\n", count );
for(pass=0; used < dek->keylen ; pass++ ) {
if( pass ) {
md_reset(md);
for(i=0; i < pass; i++ ) /* preset the hash context */
md_putc(md, 0 );
}
for(;;) {
md_write( md, s2k->salt, 8 );
md_write( md, pw, len );
if( count <= len2 )
break;
count -= len2;
}
if( count ) {
if( count < 8 ) {
md_write( md, s2k->salt, count );
if( s2k->mode == 1 || s2k->mode == 3 ) {
int len2 = pwlen + 8;
ulong count = len2;
if( create && !pass ) {
randomize_buffer(s2k->salt, 8, 1);
if( s2k->mode == 3 )
s2k->count = 96; /* = 56536 */
}
if( s2k->mode == 3 ) {
count = (16ul + (s2k->count & 15)) << ((s2k->count >> 4) + 6);
if( count < len2 )
count = len2;
}
/* a little bit complicated because we need a ulong for count */
while( count > len2 ) { /* maybe iterated+salted */
md_write( md, s2k->salt, 8 );
md_write( md, pw, pwlen );
count -= len2;
}
if( count < 8 )
md_write( md, s2k->salt, count );
else {
md_write( md, s2k->salt, 8 );
count -= 8;
assert( count <= len );
assert( count >= 0 );
md_write( md, pw, count );
}
}
else
md_write( md, pw, pwlen );
md_final( md );
i = md_digest_length( s2k->hash_algo );
if( i > dek->keylen - used )
i = dek->keylen - used;
memcpy( dek->key+used, md_read(md, s2k->hash_algo), i );
used += i;
}
else
md_write( md, pw, strlen(pw) );
md_final( md );
dek->keylen = cipher_get_keylen( dek->algo ) / 8;
assert(dek->keylen > 0 && dek->keylen <= DIM(dek->key) );
memcpy( dek->key, md_read(md,0), dek->keylen );
md_close(md);
}

16
g10/pkclist.c
View File

@ -182,7 +182,8 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
int rc;
if( (trustlevel & TRUST_FLAG_REVOKED) ) {
log_info("key has been revoked!\n");
log_info("%08lX: key has been revoked!\n",
(ulong)keyid_from_pk( pk, NULL) );
if( opt.batch )
return 0;
@ -209,12 +210,13 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return do_we_trust( pk, trustlevel );
case TRUST_EXPIRED:
log_info("key has expired\n");
log_info("%08lX: key has expired\n", (ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */
case TRUST_UNDEFINED:
if( opt.batch || opt.answer_no )
log_info("no info to calculate a trust probability\n");
log_info("%08lX: no info to calculate a trust probability\n",
(ulong)keyid_from_pk( pk, NULL) );
else {
rc = add_ownertrust( pk );
if( !rc ) {
@ -229,12 +231,14 @@ do_we_trust( PKT_public_key *pk, int trustlevel )
return 0;
case TRUST_NEVER:
log_info("We do NOT trust this key\n");
log_info("%08lX: We do NOT trust this key\n",
(ulong)keyid_from_pk( pk, NULL) );
return 0; /* no */
case TRUST_MARGINAL:
log_info("I'm not sure whether this key really belongs to the owner\n"
"but I proceed anyway\n");
log_info("%08lX: I'm not sure whether this key really belongs to the owner\n"
"but I proceed anyway\n",
(ulong)keyid_from_pk( pk, NULL) );
return 1; /* yes */
case TRUST_FULLY:

2
g10/seckey-cert.c
View File

@ -168,7 +168,7 @@ check_secret_key( PKT_secret_key *sk, int n )
if( i )
log_error(_("Invalid passphrase; please try again ...\n"));
rc = do_check( sk );
if( get_passphrase_fd() != -1 )
if( have_static_passphrase() )
break;
}

4
g10/sig-check.c
View File

@ -152,8 +152,8 @@ do_check( PKT_public_key *pk, PKT_signature *sig, MD_HANDLE digest )
u32 cur_time;
if( pk->version == 4 && pk->pubkey_algo == PUBKEY_ALGO_ELGAMAL_E ) {
log_info("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n");
log_info(_("this is a PGP generated "
"ElGamal key which is NOT secure for signatures!\n"));
return G10ERR_PUBKEY_ALGO;
}

17
g10/status.c
View File

@ -31,6 +31,9 @@
#ifdef HAVE_SYS_SHM_H
#include <sys/shm.h>
#endif
#if defined(HAVE_MLOCK)
#include <sys/mman.h>
#endif
#endif
#include "util.h"
#include "status.h"
@ -142,11 +145,21 @@ init_shm_coprocessing ( ulong requested_shm_size, int lock_mem )
log_info("mapped %uk shared memory at %p, id=%d\n",
(unsigned)shm_size/1024, shm_area, shm_id );
if( lock_mem ) {
#ifdef IPC_HAVE_SHM_LOCK
if ( shmctl (shm_id, SHM_LOCK, 0) )
log_info("Locking shared memory %d failed: %s\n",
log_info("locking shared memory %d failed: %s\n",
shm_id, strerror(errno));
else
shm_is_locked = 1;
#elif defined(HAVE_MLOCK) && !defined(HAVE_BROKEN_MLOCK)
if ( mlock (shm_area, shm_size) )
log_info("locking shared memory %d failed: %s\n",
shm_id, strerror(errno));
else
shm_is_locked = 1;
#else
log_info("Locking shared memory %d failed: No way to do it\n", shm_id );
#endif
}
@ -225,7 +238,7 @@ do_shm_get( const char *keyword, int hidden, int bool )
static void
display_help( const char *keyword )
{
char *p;
const char *p;
int hint = 0;
tty_kill_prompt();

24
g10/trustdb.c
View File

@ -105,7 +105,7 @@ static TRUST_SEG_LIST last_trust_web_tslist;
#define HEXTOBIN(a) ( (a) >= '0' && (a) <= '9' ? ((a)-'0') : \
(a) >= 'A' && (a) <= 'F' ? ((a)-'A'+10) : ((a)-'a'+10))
/**********************************************
************* list helpers *******************
**********************************************/
@ -239,6 +239,8 @@ keyid_from_lid( ulong lid, u32 *keyid )
return 0;
}
/****************
* Walk through the signatures of a public key.
* The caller must provide a context structure, with all fields set
@ -333,7 +335,7 @@ walk_sigrecs( SIGREC_CONTEXT *c, int create )
/***********************************************
************* Trust stuff ******************
***********************************************/
@ -357,6 +359,10 @@ verify_own_keys()
if( DBG_TRUST )
log_debug("key %08lX: checking secret key\n", (ulong)keyid[1] );
if( is_secret_key_protected( sk ) < 1 )
log_info("note: secret key %08lX is NOT protected.\n",
(ulong)keyid[1] );
/* see whether we can access the public key of this secret key */
memset( pk, 0, sizeof *pk );
rc = get_pubkey( pk, keyid );
@ -1204,7 +1210,7 @@ do_check( TRUSTREC *dr, unsigned *trustlevel )
return 0;
}
/***********************************************
**************** API ************************
***********************************************/
@ -1564,6 +1570,8 @@ check_trustdb( const char *username )
}
}
/****************
* Get the trustlevel for this PK.
* Note: This does not ask any questions
@ -1612,11 +1620,11 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = insert_trust_record( pk );
if( rc ) {
log_error(_("key %08lX: insert trust record failed: %s\n"),
keyid[1], g10_errstr(rc));
(ulong)keyid[1], g10_errstr(rc));
goto leave;
}
log_info(_("key %08lX.%lu: inserted into trustdb\n"),
keyid[1], pk->local_id );
(ulong)keyid[1], pk->local_id );
/* and re-read the dir record */
if( tdbio_read_record( pk->local_id, &rec, RECTYPE_DIR ) ) {
log_error("check_trust: reread dir record failed\n");
@ -1628,14 +1636,14 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
if( pk->timestamp > cur_time ) {
log_info(_("key %08lX.%lu: created in future "
"(time warp or clock problem)\n"),
keyid[1], pk->local_id );
(ulong)keyid[1], pk->local_id );
return G10ERR_TIME_CONFLICT;
}
if( pk->valid_days && add_days_to_timestamp(pk->timestamp,
pk->valid_days) < cur_time ) {
log_info(_("key %08lX.%lu: expired at %s\n"),
keyid[1], pk->local_id,
(ulong)keyid[1], pk->local_id,
asctimestamp( add_days_to_timestamp(pk->timestamp,
pk->valid_days)));
trustlevel = TRUST_EXPIRED;
@ -1644,7 +1652,7 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel )
rc = do_check( &rec, &trustlevel );
if( rc ) {
log_error(_("key %08lX.%lu: trust check failed: %s\n"),
keyid[1], pk->local_id, g10_errstr(rc));
(ulong)keyid[1], pk->local_id, g10_errstr(rc));
return rc;
}
}

2
include/cipher.h
View File

@ -106,10 +106,12 @@ int check_digest_algo( int algo );
MD_HANDLE md_open( int algo, int secure );
void md_enable( MD_HANDLE hd, int algo );
MD_HANDLE md_copy( MD_HANDLE a );
void md_reset( MD_HANDLE a );
void md_close(MD_HANDLE a);
void md_write( MD_HANDLE a, byte *inbuf, size_t inlen);
void md_final(MD_HANDLE a);
byte *md_read( MD_HANDLE a, int algo );
int md_digest( MD_HANDLE a, int algo, byte *buffer, int buflen );
int md_get_algo( MD_HANDLE a );
int md_digest_length( int algo );
const byte *md_asn_oid( int algo, size_t *asnlen, size_t *mdlen );

8
po/ChangeLog
View File

@ -1,3 +1,11 @@
Mon Sep 21 15:03:44 1998 Werner Koch (wk@(none))
* it.po: New version from Marco d'Itri
Mon Sep 21 09:28:54 1998 Werner Koch (wk@(none))
* fr.po: New version from Gaël Quéri
Tue Aug 11 12:28:11 1998 Werner Koch (wk@(none))
* it.po: New file from Marco.

2
po/POTFILES.in
View File

@ -15,10 +15,12 @@ cipher/rand-w32.c
# main program
g10/g10.c
g10/armor.c
g10/pkclist.c
g10/keygen.c
g10/decrypt.c
g10/encode.c
g10/getkey.c
g10/import.c
g10/keyedit.c
g10/keylist.c

16
po/de.po
View File

@ -298,19 +298,19 @@ msgid ""
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n"
" -sb [file] make a detached signature\n"
" -k [userid] show keys\n"
" -kc [userid] show fingerprint\n"
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Beispiele:\n"
"\n"
" -se -r Bob [file] Signieren und verschlüsseln für Benutzer Bob\n"
" -sat [file] Eine Klartextsignatur erzeugen\n"
" -sb [file] Eine abgetrennte Signatur erzeugen\n"
" -k [userid] Die Schlüssel anzeigen\n"
" -kc [userid] Die \"Fingerabdrücke\" anzeigen\n"
" --clearsign [file] Eine Klartextsignatur erzeugen\n"
" --detach-sign [file] Eine abgetrennte Signatur erzeugen\n"
" --list-keys [names] Die Schlüssel anzeigen\n"
" --fingerprint [names] Die \"Fingerabdrücke\" anzeigen\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"

120
po/fr.po
View File

@ -2,15 +2,16 @@
# Copyright (C) 1998 Free Software Foundation, Inc.
# Gaël Quéri <gqueri@mail.dotcom.fr>, 1998.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: gnupg-0.3.4\n"
"Project-Id-Version: gnupg-0.4.0\n"
"POT-Creation-Date: 1998-09-18 17:16+0200\n"
"PO-Revision-Date: 1998-08-20 00:0000+0200\n"
"PO-Revision-Date: 1998-09-17 03:14+0200\n"
"Last-Translator: Gaël Quéri <gqueri@mail.dotcom.fr>\n"
"Language-Team: French <fr@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso8859-1\n"
"Content-Transfer-Encoding: 8-bit\n"
#: util/secmem.c:226
msgid "Warning: using insecure memory!\n"
@ -52,7 +53,7 @@ msgid ""
msgstr ""
"\n"
"Il n'y a pas assez d'octets aléatoires disponibles. Faites autre chose\n"
"pur que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n"
"pour que l'OS puisse amasser plus d'entropie! (il faut %d octets de plus)\n"
#: g10/g10.c:143
msgid ""
@ -120,7 +121,7 @@ msgstr "g
#: g10/g10.c:163
msgid "remove key from the public keyring"
msgstr "enlever la clé du pore-clés public"
msgstr "enlever la clé du porte-clés public"
#: g10/g10.c:165
msgid "sign or edit a key"
@ -156,15 +157,15 @@ msgstr "|[NOMS]|v
#: g10/g10.c:177
msgid "De-Armor a file or stdin"
msgstr "Enlever l'armure d'un fichier ou de l'entrée standard"
msgstr "Enlever l'armure d'un fichier ou de stdin"
#: g10/g10.c:178
msgid "En-Armor a file or stdin"
msgstr "Mettre une armure à un fichier ou à l'entrée standard"
msgstr "Mettre une armure à un fichier ou à stdin"
#: g10/g10.c:179
msgid "|algo [files]|print message digests"
msgstr "|algo [fichiers]|indiquer les fonctions de hachage"
msgstr "|alg. [fich.]|indiquer les fonctions de hachage"
#: g10/g10.c:180
msgid "print all message digests"
@ -263,7 +264,7 @@ msgstr "(3 par d
#: g10/g10.c:213
msgid "|file|load extension module"
msgstr "|fichier|charger un module d'extension"
msgstr "|fich|charger un module d'extension"
#: g10/g10.c:214
msgid "emulate the mode described in RFC1991"
@ -283,33 +284,31 @@ msgstr "|N|utiliser l'algorithme de compression N"
#: g10/g10.c:219
msgid "throw keyid field of encrypted packets"
msgstr ""
msgstr "enlever l'idendification de la clé des paquets cryptés"
# encore un qui a lu Applied Cryptography ! (Bob)...
#
#: g10/g10.c:227
msgid ""
"@\n"
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n"
" -sb [file] make a detached signature\n"
" -k [userid] show keys\n"
" -kc [userid] show fingerprint\n"
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Exemples:\n"
"\n"
" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n"
" -sat [fichier] faire une signature en texte clair\n"
" -sb [fichier] faire une signature détachée\n"
" -k [utilisateur] montrer les clés\n"
" -kc [utilisateur] montrer les empreintes\n"
" -se -r Alice [fichier] signer et crypter pour l'utilisateur Alice\n"
" --clearsign [fichier] faire une signature en texte clair\n"
" --detach-sign [fichier] faire une signature détachée\n"
" --list-keys [utilisateur] montrer les clés\n"
" --fingerprint [utilisateur] montrer les empreintes\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
msgstr "Rapprter toutes anomalies à <gnupg-bugs@gnu.org>.\n"
msgstr "Rapporter toutes anomalies à <gnupg-bugs@gnu.org>.\n"
#: g10/g10.c:307
msgid "Usage: gpgm [options] [files] (-h for help)"
@ -342,6 +341,8 @@ msgid ""
"\n"
"Supported algorithms:\n"
msgstr ""
"\n"
"Algorithmes supportés:\n"
#: g10/g10.c:398
msgid "usage: gpgm [options] "
@ -474,8 +475,8 @@ msgid ""
"RSA keys are deprecated; please consider creating a new key and use this key "
"in the future\n"
msgstr ""
"Les clés RSA sont déconseillées: considérez créer une nouvelle clé "
"etl'utiliser dans l'avenir\n"
"Les clés RSA sont déconseillées: considérez créer une nouvelle clé et "
"l'utiliser dans l'avenir\n"
#: g10/pkclist.c:71
#, c-format
@ -520,6 +521,10 @@ msgstr "sSmM"
#: g10/pkclist.c:99
msgid "edit_ownertrust.value"
msgstr ""
"C'est à vous d'assigner une valeur ici; cette valeur ne sera jamais\n"
"exportée à une tierce personne. Nous en avons besoin pour créer le;\n"
"réseau de confiance (web-of-trust); cela n'a rien à voir avec le\n"
"réseau de certificats (créé implicitement)"
#: g10/pkclist.c:99
msgid "Your decision? "
@ -549,6 +554,7 @@ msgstr ""
#: g10/pkclist.c:189
msgid "revoked_key.override"
msgstr ""
"Si vous voulez utiliser cette clé révoquée quand-même, répondez \"oui\"."
#: g10/pkclist.c:190 g10/pkclist.c:277
msgid "Use this key anyway? "
@ -569,6 +575,7 @@ msgstr ""
#: g10/pkclist.c:276
msgid "untrusted_key.override"
msgstr ""
"Si vous voulez utiliser cette clé peu sûre quand-même, répondez \"oui\"."
#: g10/pkclist.c:281
msgid "WARNING: Using untrusted key!\n"
@ -625,7 +632,7 @@ msgstr ""
#: g10/pkclist.c:423
msgid "pklist.user_id.enter"
msgstr ""
msgstr "Entrez le nom de l'adresse à qui vous voulez envoyer le message."
#: g10/pkclist.c:424
msgid "Enter the user ID: "
@ -690,7 +697,7 @@ msgstr " (%d) ElGamal dans un paquet v3\n"
#: g10/keygen.c:393
msgid "keygen.algo"
msgstr ""
msgstr "Sélectionnez l'algorithme à utiliser:"
#: g10/keygen.c:393
msgid "Your selection? "
@ -750,8 +757,8 @@ msgid ""
"Okay, but keep in mind that your monitor and keyboard radiation is also very "
"vulnerable to attacks!\n"
msgstr ""
"D'accord, mais n'oubliez pas que votre écran et les radiations du "
"claviersont aussi vulnérables aux attaques! :)\n"
"D'accord, mais n'oubliez pas que votre écran et les radiations du clavier "
"sont aussi très vulnérables aux attaques!\n"
#: g10/keygen.c:459
msgid "keygen.size.large.okay"
@ -815,7 +822,7 @@ msgstr ""
#: g10/keygen.c:525
msgid "Is this correct (y/n)? "
msgstr "Est-ce correct (y/n)? "
msgstr "Est-ce correct (o/n)? "
#: g10/keygen.c:553
msgid ""
@ -827,8 +834,8 @@ msgid ""
"\n"
msgstr ""
"\n"
"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; "
"leprogramme le construit à partir du nom réel, d'un commentaire et d'une\n"
"Vous avez besoin d'un nom d'utilisateur pour identifier votre clé; le "
"programme le construit à partir du nom réel, d'un commentaire et d'une\n"
"adresse e-mail de cette manière:\n"
" \"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de\"\n"
"\n"
@ -895,6 +902,11 @@ msgstr "NnCcEeOoQq"
#: g10/keygen.c:638
msgid "keygen.userid.cmd"
msgstr ""
"N pour changer le nom.\n"
"C pour changer le commentaire.\n"
"E pour changer l'adresse e-mail.\n"
"O pour continuer à générer la clé.\n"
"Q pour arrêter de générer de clé."
#: g10/keygen.c:639
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
@ -931,9 +943,9 @@ msgid ""
"network and the disks) during the prime generation; this gives the random\n"
"number generator a better chance to gain enough entropy.\n"
msgstr ""
"On doit générer beaucoup d'octets aléatoires. C'est une bonne idée de\n"
"Beaucoup d'octets aléatoires doivent être générés. Vous devriez\n"
"faire autre chose (travailler dans une autre fenêtre, bouger la souris,\n"
"utiliser le réseau et les disques) pendant la géneration de nombres\n"
"utiliser le réseau et les disques) pendant la génération de nombres\n"
"premiers; cela permet au générateur de nombres aléatoires de gagner assez\n"
"d'entropie plus facilement.\n"
@ -943,7 +955,7 @@ msgstr "La g
#: g10/keygen.c:796
msgid "DSA keypair will have 1024 bits.\n"
msgstr "La paire de clés DSA aura 1024 bits.\n"
msgstr "La paire de clés DSA fera 1024 bits.\n"
#: g10/keygen.c:802
msgid "Key generation cancelled.\n"
@ -979,7 +991,7 @@ msgstr "La g
#: g10/keygen.c:967
msgid "keygen.sub.okay"
msgstr ""
msgstr "Répondez \"oui\" (ou simplement \"o\") pour générer la sous-clé"
#: g10/keygen.c:968
msgid "Really create? "
@ -1315,7 +1327,7 @@ msgid ""
"You don't want a passphrase - this is probably a *bad* idea!\n"
"\n"
msgstr ""
"Vous ne voulez pas de mot de passa - cela est certainement une *mauvaise* "
"Vous ne voulez pas de mot de passe - cela est certainement une *mauvaise* "
"idée\n"
#: g10/keyedit.c:385
@ -1499,7 +1511,7 @@ msgstr "La cl
#: g10/keyedit.c:522
msgid "keyedit.cmd"
msgstr ""
msgstr "Entrez \"aide\" s'il vous plaît."
#: g10/keyedit.c:522
msgid "Command> "
@ -1642,11 +1654,13 @@ msgstr ""
#: g10/passphrase.c:126
#, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(clé de %u bits, ID %08lX, créée le %s)\n"
msgstr "(clé de %u bits %s, ID %08lX, créée le %s)\n"
#: g10/passphrase.c:167
msgid "passphrase.enter"
msgstr ""
"Entrez le mot de passe; c'est une phrase secrète \n"
" Blurb, blurb,.... "
#: g10/passphrase.c:167
msgid "Enter pass phrase: "
@ -1655,6 +1669,7 @@ msgstr "Entrez le mot de passe: "
#: g10/passphrase.c:170
msgid "passphrase.repeat"
msgstr ""
"Répétez le dernier mot de passe, pour être sûr de ce que vous avez tapé."
#: g10/passphrase.c:171
msgid "Repeat pass phrase: "
@ -1684,7 +1699,7 @@ msgstr "Mot de passe invalide; r
#: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n"
msgstr ""
msgstr "Attention: Mauvaise clé détectée - changez encore le mot de passe.\n"
#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
@ -1772,11 +1787,11 @@ msgstr "Pas d'aide disponible pour '%s'"
#: g10/pubkey-enc.c:78
#, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n"
msgstr ""
msgstr "destinataire anonyme; essai de la clé secrète %08lX ...\n"
#: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n"
msgstr ""
msgstr "d'accord, nous sommes le destinataire anonyme.\n"
#: g10/pubkey-enc.c:183
#, c-format
@ -1796,33 +1811,22 @@ msgstr ""
#: g10/openfile.c:60
msgid "Overwrite (y/N)? "
msgstr "Réécrire (y/N)? "
msgstr "Réécrire (o/N)? "
#: g10/encr-data.c:74
msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
"Attention: Le message a été crypté avec une mauvaise clé pendant le\n"
"chiffrement symétrique.\n"
#: g10/seskey.c:52
msgid "weak key created - retrying\n"
msgstr ""
msgstr "mauvais clé générée - nouvel essai\n"
#: g10/seskey.c:57
#, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr ""
#~ msgid "there is a secret key for this public key!\n"
#~ msgstr "il y a une clé secrète pour cette clé publique!\n"
#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
#~ msgstr "utilisez l'option \"--delete-secret-key\" pour l'effacer d'abort.\n"
#~ msgid "can't do that in batchmode without \"--yes\"\n"
#~ msgstr "ne peut faire cela en mode automatique sans \"--yes\"\n"
#~ msgid "Delete this key from the keyring? "
#~ msgstr "Effacer cette clé du porte-clés? "
#~ msgid "This is a secret key! - really delete? "
#~ msgstr "C'est une clé secrète! - effacer réellement? "
"ne peut éviter une mauvaise clé pour le chiffrement symétrique: \n"
"%d essais ont eu lieu!\n"

156
po/it.po
View File

@ -1,12 +1,16 @@
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR Free Software Foundation, Inc.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
msgid ""
msgstr ""
"POT-Creation-Date: 1998-09-18 17:16+0200\n"
"Project-Id-Version: gnupg-0.4.0\n"
"PO-Revision-Date: 1998-09-20 16:15+02:00\n"
"Last-Translator: Marco d'Itri <md@linux.it>\n"
"Language-Team: Italian <it@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=iso-8859-1\n"
"Date: 1998-03-07 12:16:14+0100\n"
"From: Marco d'Itri <md@linux.it>\n"
"Xgettext-Options: --default-domain=gnupg --directory=.. --add-comments "
"--keyword=_ --keyword=N_ --files-from=./POTFILES.in\n"
"Files: util/secmem.c cipher/random.c g10/g10.c g10/pkclist.c g10/keygen.c\n"
"Content-Transfer-Encoding: 8bit\n"
#: util/secmem.c:226
msgid "Warning: using insecure memory!\n"
@ -277,7 +281,7 @@ msgstr "|N|usa l'algoritmo di compressione N"
#: g10/g10.c:219
msgid "throw keyid field of encrypted packets"
msgstr ""
msgstr "elimina il campo keyid dei pacchetti crittografati"
#: g10/g10.c:227
msgid ""
@ -285,19 +289,19 @@ msgid ""
"Examples:\n"
"\n"
" -se -r Bob [file] sign and encrypt for user Bob\n"
" -sat [file] make a clear text signature\n"
" -sb [file] make a detached signature\n"
" -k [userid] show keys\n"
" -kc [userid] show fingerprint\n"
" --clearsign [file] make a clear text signature\n"
" --detach-sign [file] make a detached signature\n"
" --list-keys [names] show keys\n"
" --fingerprint [names] show fingerprint\n"
msgstr ""
"@\n"
"Esempi:\n"
"\n"
" -se -r Bob [file] firma e cifra per l'utente Bob\n"
" -sat [file] fai una firma mantenendo il testo in chiaro\n"
" -sb [file] fai una firma separata\n"
" -k [userid] mostra le chiavi\n"
" -kc [userid] mostra le impronte digitali\n"
" --clearsign [file] fai una firma mantenendo il testo in chiaro\n"
" --detach-sign [file] fai una firma separata\n"
" --list-keys [names] mostra le chiavi\n"
" --fingerprint [names] mostra le impronte digitali\n"
#: g10/g10.c:302
msgid "Please report bugs to <gnupg-bugs@gnu.org>.\n"
@ -333,7 +337,7 @@ msgstr ""
msgid ""
"\n"
"Supported algorithms:\n"
msgstr ""
msgstr "\nAlgoritmi gestiti:\n"
#: g10/g10.c:398
msgid "usage: gpgm [options] "
@ -347,19 +351,16 @@ msgstr "uso: gpg [options] "
msgid "conflicting commands\n"
msgstr "comandi in conflitto\n"
# , c-format
#: g10/g10.c:547
#, c-format
msgid "note: no default option file '%s'\n"
msgstr "nota: nessun file con opzioni predefinite '%s'\n"
# , c-format
#: g10/g10.c:551
#, c-format
msgid "option file '%s': %s\n"
msgstr "file con opzioni predefinite '%s': %s\n"
# , c-format
#: g10/g10.c:558
#, c-format
msgid "reading options from '%s'\n"
@ -373,7 +374,6 @@ msgstr "l'algoritmo di cifratura selezionato non
msgid "selected digest algorithm is invalid\n"
msgstr "l'algoritmo di digest selezionato non è valido\n"
# , c-format
#: g10/g10.c:746
#, c-format
msgid "compress algorithm must be in range %d..%d\n"
@ -387,7 +387,6 @@ msgstr "completes-needed deve essere maggiore di 0\n"
msgid "marginals-needed must be greater than 1\n"
msgstr "marginals-needed deve essere maggiore di 1\n"
# , c-format
#: g10/g10.c:833
#, c-format
msgid "failed to initialize the TrustDB: %s\n"
@ -433,7 +432,6 @@ msgstr "--delete-secret-key nomeutente"
msgid "--delete-key username"
msgstr "--delete-key nomeutente"
# , c-format
#: g10/encode.c:211 g10/g10.c:950 g10/keylist.c:79
#, c-format
msgid "can't open %s: %s\n"
@ -443,19 +441,16 @@ msgstr "impossibile aprire '%s': %s\n"
msgid "-k[v][v][v][c] [userid] [keyring]"
msgstr "-k[v][v][v][c] [userid] [portachiavi]"
# , c-format
#: g10/g10.c:1016
#, c-format
msgid "dearmoring failed: %s\n"
msgstr "rimozione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:1024
#, c-format
msgid "enarmoring failed: %s\n"
msgstr "creazione dell'armatura fallita: %s\n"
# , c-format
#: g10/g10.c:1085
#, c-format
msgid "invalid hash algorithm '%s'\n"
@ -465,7 +460,6 @@ msgstr "algoritmo di hash non valido '%s'\n"
msgid "[filename]"
msgstr "[nomefile]"
# , c-format
#: g10/decrypt.c:59 g10/g10.c:1157 g10/verify.c:66
#, c-format
msgid "can't open '%s'\n"
@ -479,7 +473,6 @@ msgstr ""
"L'uso di chiavi RSA è deprecato; per favore in futuro considera di creare e\n"
"usare una nuova chiave.\n"
# , c-format
#: g10/pkclist.c:71
#, c-format
msgid ""
@ -513,7 +506,7 @@ msgstr ""
#: g10/pkclist.c:90
msgid " m = back to the main menu\n"
msgstr ""
msgstr " m = ritorna al menù principale\n"
# valid user replies (not including 1..4)
# [Marco, you can change 'm' and 's' to whatever letters you like]
@ -666,31 +659,26 @@ msgstr "scrittura della autofirma\n"
msgid "Please select what kind of key you want:\n"
msgstr "Per favore scegli che tipo di chiave vuoi:\n"
# , c-format
#: g10/keygen.c:385
#, c-format
msgid " (%d) DSA and ElGamal (default)\n"
msgstr " (%d) DSA e ElGamal (default)\n"
# , c-format
#: g10/keygen.c:386
#, c-format
msgid " (%d) ElGamal (sign and encrypt)\n"
msgstr " (%d) ElGamal (firma e crittografa)\n"
# , c-format
#: g10/keygen.c:387
#, c-format
msgid " (%d) ElGamal (encrypt only)\n"
msgstr " (%d) ElGamal (crittografa solo)\n"
# , c-format
#: g10/keygen.c:388
#, c-format
msgid " (%d) DSA (sign only)\n"
msgstr " (%d) DSA (firma solo)\n"
# , c-format
#: g10/keygen.c:389
#, c-format
msgid " (%d) ElGamal in a v3 packet\n"
@ -708,7 +696,6 @@ msgstr "Cosa scegli? "
msgid "Invalid selection.\n"
msgstr "Scelta non valida.\n"
# , c-format
#: g10/keygen.c:431
#, c-format
msgid ""
@ -751,9 +738,8 @@ msgid "keygen.size.huge.okay"
msgstr ""
#: g10/keygen.c:451
#, fuzzy
msgid "Are you sure that you want this keysize? "
msgstr "Sei sicuro che vuoi una chiave di queste dimensioni? "
msgstr "Sei sicuro di volere una chiave di queste dimensioni? "
#: g10/keygen.c:452
msgid ""
@ -771,13 +757,11 @@ msgstr ""
msgid "Do you really need such a large keysize? "
msgstr "Ti serve davvero una chiave così lunga? "
# , c-format
#: g10/keygen.c:466
#, c-format
msgid "Requested keysize is %u bits\n"
msgstr "Le dimensioni della chiave richieste sono %u bit\n"
# , c-format
#: g10/keygen.c:469 g10/keygen.c:473
#, c-format
msgid "rounded up to %u bits\n"
@ -814,7 +798,6 @@ msgstr "valore non valido\n"
msgid "Key does not expire at all\n"
msgstr "La chiave non scade\n"
# , c-format
#. print the date when the key expires
#: g10/keygen.c:519
#, c-format
@ -889,7 +872,6 @@ msgstr "Commento: "
msgid "Invalid character in comment\n"
msgstr "Carattere non valido nel commento\n"
# , c-format
#: g10/keygen.c:626
#, c-format
msgid ""
@ -910,7 +892,6 @@ msgid "keygen.userid.cmd"
msgstr ""
#: g10/keygen.c:639
#, fuzzy
msgid "Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? "
msgstr "Modifica (N)ome, (C)ommento, (E)mail oppure (O)kay/(Q)uit? "
@ -964,13 +945,11 @@ msgstr "La coppia DSA avr
msgid "Key generation cancelled.\n"
msgstr "Generazione della chiave annullata.\n"
# , c-format
#: g10/keygen.c:812
#, c-format
msgid "writing public certificate to '%s'\n"
msgstr "scrittura del certificato pubblico in '%s'\n"
# , c-format
#: g10/keygen.c:813
#, c-format
msgid "writing secret certificate to '%s'\n"
@ -989,7 +968,6 @@ msgstr ""
"vorrai usare il comando \"--add-key\" per generare una chiave secondaria\n"
"per questo scopo.\n"
# , c-format
#: g10/keygen.c:906 g10/keygen.c:990
#, c-format
msgid "Key generation failed: %s\n"
@ -1003,7 +981,6 @@ msgstr ""
msgid "Really create? "
msgstr "Crea davvero? "
# , c-format
#: g10/encode.c:87
#, c-format
msgid "%s: can't open: %s\n"
@ -1019,7 +996,6 @@ msgstr "errore nella creazione della passhprase: %s\n"
msgid "%s: warning: empty file\n"
msgstr "%s: attenzione: file vuoto\n"
# , c-format
#: g10/encode.c:217
#, c-format
msgid "reading from '%s'\n"
@ -1030,7 +1006,6 @@ msgstr "lettura da '%s'\n"
msgid "%s encrypted for: %s\n"
msgstr "%s crittografato per: %s\n"
# , c-format
#: g10/import.c:105 g10/trustdb.c:1342
#, c-format
msgid "can't open file: %s\n"
@ -1058,7 +1033,7 @@ msgstr "chiave %08lX: nessun user id valido\n"
#: g10/import.c:283
msgid "this may be caused by a missing self-signature\n"
msgstr ""
msgstr "questo può essere causato da una autofirma mancante\n"
#: g10/import.c:291 g10/import.c:508
#, c-format
@ -1069,19 +1044,16 @@ msgstr "chiave %08lX: chiave pubblica non trovata: %s\n"
msgid "no default public keyring\n"
msgstr "nessun portachiavi pubblico predefinito\n"
# , c-format
#: g10/import.c:301
#, c-format
msgid "writing to '%s'\n"
msgstr "scrittura in '%s'\n"
# , c-format
#: g10/import.c:305 g10/import.c:359 g10/import.c:562
#, c-format
msgid "can't lock public keyring: %s\n"
msgstr "impossibile bloccare il portachiavi pubblico: %s\n"
# , c-format
#: g10/import.c:308
#, c-format
msgid "can't write to keyring: %s\n"
@ -1112,7 +1084,6 @@ msgstr "chiave %08lX: impossibile leggere il keyblock originale: %s\n"
msgid "writing keyblock\n"
msgstr "scrittura del keyblock\n"
# , c-format
#: g10/import.c:362 g10/import.c:565
#, c-format
msgid "can't write keyblock: %s\n"
@ -1308,7 +1279,6 @@ msgstr ""
msgid "Really sign? "
msgstr "Firmo davvero? "
# , c-format
#: g10/keyedit.c:295
#, c-format
msgid "signing failed: %s\n"
@ -1322,7 +1292,6 @@ msgstr "Questa chiave non
msgid "Key is protected.\n"
msgstr "La chiave è protetta.\n"
# , c-format
#: g10/keyedit.c:366
#, c-format
msgid "Can't edit this key: %s\n"
@ -1510,7 +1479,7 @@ msgstr ""
#: g10/keyedit.c:465
msgid "change the ownertrust"
msgstr ""
msgstr "cambia il valore di fiducia"
#: g10/keyedit.c:483
msgid "can't do that in batchmode\n"
@ -1550,13 +1519,11 @@ msgstr ""
msgid "Quit without saving? "
msgstr "Esco senza salvare? "
# , c-format
#: g10/keyedit.c:580
#, c-format
msgid "update failed: %s\n"
msgstr "aggiornamento fallito: %s\n"
# , c-format
#: g10/keyedit.c:587
#, c-format
msgid "update secret failed: %s\n"
@ -1628,13 +1595,11 @@ msgstr "Nessun user id con l'indice %d\n"
msgid "No secondary key with index %d\n"
msgstr "Nessuna chiave secondaria con l'indice %d\n"
# , c-format
#: g10/mainproc.c:198
#, c-format
msgid "public key decryption failed: %s\n"
msgstr "Decifratura della chiave pubblica fallita: %s\n"
# , c-format
#: g10/mainproc.c:228
#, c-format
msgid "decryption failed: %s\n"
@ -1659,20 +1624,19 @@ msgid "Can't check signature: %s\n"
msgstr "Impossibile controllare la firma: %s\n"
#: g10/passphrase.c:117
#, fuzzy
msgid ""
"\n"
"You need a passphrase to unlock the secret key for\n"
"user: \""
msgstr ""
"Ti serve una passphrase per proteggere la tua chiave segreta.\n"
"\n"
"Ti serve una passphrase per sbloccare la chiave segreta\n"
"dell'utente: \""
# "(chiave %s di %u-bit, ID %08lX, creata il %s)\n"
#: g10/passphrase.c:126
#, c-format
msgid "(%u-bit %s key, ID %08lX, created %s)\n"
msgstr "(%u-bit, chiave %s, ID %08lX, creata il %s)\n"
msgstr "(chiave %2$s di %1$u-bit, ID %3$08lX, creata il %4$s)\n"
#: g10/passphrase.c:167
msgid "passphrase.enter"
@ -1698,16 +1662,15 @@ msgstr ""
msgid "Please enter name of data file: "
msgstr "Inserisci il nome del file di dati: "
# , c-format
#: g10/plaintext.c:295
#, c-format
msgid "can't open signed data '%s'\n"
msgstr "impossibile aprire i dati firmati '%s'\n"
#: g10/seckey-cert.c:56
#, fuzzy, c-format
#, c-format
msgid "protection algorithm %d is not supported\n"
msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n"
msgstr "l'algoritmo di protezione %d non è gestito\n"
#: g10/seckey-cert.c:169
msgid "Invalid passphrase; please try again ...\n"
@ -1716,6 +1679,8 @@ msgstr "Passphrase non valida; riprova...\n"
#: g10/seckey-cert.c:215
msgid "Warning: Weak key detected - please change passphrase again.\n"
msgstr ""
"Attenzione: individuata una chiave debole - per favore cambia ancora la\n"
"passphrase.\n"
#: g10/sig-check.c:165
msgid "public key created in future (time warp or clock problem)\n"
@ -1728,43 +1693,41 @@ msgstr ""
msgid "warning: signature key expired %s\n"
msgstr "attenzione: firma della chiave scaduta il %s\n"
# , c-format
#: g10/trustdb.c:316
#, c-format
msgid "error reading sigrec: %s\n"
msgstr ""
msgstr "errore leggendo la sigrec: %s\n"
#: g10/trustdb.c:321
#, c-format
msgid "chained sigrec %lu has a wrong owner\n"
msgstr ""
msgstr "la chained sigrec %lu ha il proprietario sbagliato\n"
#: g10/trustdb.c:364
#, c-format
msgid "key %08lX: secret key without public key\n"
msgstr "key %08lX: chiave segreta senza chiave pubblica\n"
msgstr "chiave %08lX: chiave segreta senza chiave pubblica\n"
#: g10/trustdb.c:369
#, c-format
msgid "key %08lX: secret and public key don't match\n"
msgstr "key %08lX: le chiavi segreta e pubblica non corrispondono\n"
msgstr "chiave %08lX: le chiavi segreta e pubblica non corrispondono\n"
#: g10/trustdb.c:380
#, c-format
msgid "key %08lX: can't put it into the trustdb\n"
msgstr "key %08lX: impossibile metterla nel trustdb\n"
msgstr "chiave %08lX: impossibile metterla nel trustdb\n"
#: g10/trustdb.c:386
#, c-format
msgid "key %08lX: query record failed\n"
msgstr "key %08lX: richiesta del record fallita\n"
msgstr "chiave %08lX: richiesta del record fallita\n"
#: g10/trustdb.c:395
#, c-format
msgid "key %08lX: already in ultikey_table\n"
msgstr "key %08lX: già in ultikey_table\n"
msgstr "chiave %08lX: già in ultikey_table\n"
# , c-format
#: g10/trustdb.c:402
#, c-format
msgid "enum_secret_keys failed: %s\n"
@ -1773,30 +1736,29 @@ msgstr "enum_secret_keys fallito: %s\n"
#: g10/trustdb.c:1614
#, c-format
msgid "key %08lX: insert trust record failed: %s\n"
msgstr "key %08lX: inserimento del record della fiducia fallito: %s\n"
msgstr "chiave %08lX: inserimento del record della fiducia fallito: %s\n"
#: g10/trustdb.c:1618
#, c-format
msgid "key %08lX.%lu: inserted into trustdb\n"
msgstr "key %08lX.%lu: inserita nel trustdb\n"
msgstr "chiave %08lX.%lu: inserita nel trustdb\n"
#: g10/trustdb.c:1629
#, c-format
msgid "key %08lX.%lu: created in future (time warp or clock problem)\n"
msgstr ""
"key %08lX.%lu: creata nel futuro (salto nel tempo o problema\n"
"chiave %08lX.%lu: creata nel futuro (salto nel tempo o problema\n"
"con l'orologio)\n"
# , c-format
#: g10/trustdb.c:1637
#, c-format
msgid "key %08lX.%lu: expired at %s\n"
msgstr "key %08lX.%lu: scaduta il %s\n"
msgstr "chiave %08lX.%lu: scaduta il %s\n"
#: g10/trustdb.c:1646
#, c-format
msgid "key %08lX.%lu: trust check failed: %s\n"
msgstr "key %08lX.%lu: controllo della fiducia fallito: %s\n"
msgstr "chiave %08lX.%lu: controllo della fiducia fallito: %s\n"
#: g10/status.c:233
msgid "No help available"
@ -1810,11 +1772,11 @@ msgstr "Nessun aiuto disponibile per '%s'"
#: g10/pubkey-enc.c:78
#, c-format
msgid "anonymous receiver; trying secret key %08lX ...\n"
msgstr ""
msgstr "ricevente anonimo; provo la chiave segreta %08lX ...\n"
#: g10/pubkey-enc.c:84
msgid "okay, we are the anonymous receiver.\n"
msgstr ""
msgstr "Bene, siamo il ricevente anonimo.\n"
#: g10/pubkey-enc.c:183
#, c-format
@ -1825,7 +1787,7 @@ msgstr "nota: algoritmo di cifratura %d non trovato nelle impostazioni\n"
#: g10/openfile.c:58
#, c-format
msgid "File '%s' exists. "
msgstr ""
msgstr "Il file '%s' esiste. "
#: g10/openfile.c:59
msgid "openfile.overwrite.okay"
@ -1833,36 +1795,22 @@ msgstr ""
#: g10/openfile.c:60
msgid "Overwrite (y/N)? "
msgstr ""
msgstr "Sovrascrivo (y/N)? "
#: g10/encr-data.c:74
msgid ""
"Warning: Message was encrypted with a weak key in the symmetric cipher.\n"
msgstr ""
"Attenzione: il messaggio era stato crittografato usando una chiave debole\n"
"per il cifrario simmetrico\n"
#: g10/seskey.c:52
msgid "weak key created - retrying\n"
msgstr ""
msgstr "creata una chiave debole - riprovo\n"
#: g10/seskey.c:57
#, c-format
msgid "cannot avoid weak key for symmetric cipher; tried %d times!\n"
msgstr ""
#~ msgid "do not make any changes"
#~ msgstr "non fare cambiamenti"
#~ msgid "there is a secret key for this public key!\n"
#~ msgstr "c'è una chiave segreta per questa chiave pubblica!\n"
#~ msgid "use option \"--delete-secret-key\" to delete it first.\n"
#~ msgstr "prima usa l'opzione \"--delete-secret-key\" per cancellarla.\n"
#~ msgid "can't do that in batchmode without \"--yes\"\n"
#~ msgstr "impossibile fare questo in batch mode senza \"--yes\"\n"
#~ msgid "Delete this key from the keyring? "
#~ msgstr "Cancello questa chiave dal portachiavi? "
#~ msgid "This is a secret key! - really delete? "
#~ msgstr "Questa è una chiave segreta! - la cancello davvero? "
"Impossibile evitare una chiave debole per il cifrario simmetrico;\n"
"ho provato %d volte!\n"

4
tools/Makefile.am
View File

@ -1,6 +1,6 @@
## Process this file with automake to produce Makefile.in
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl -I../intl
INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
needed_libs = ../cipher/libcipher.a ../util/libutil.a \
../mpi/libmpi.a ../util/libutil.a
@ -20,5 +20,5 @@ bftest_LDADD = @INTLLIBS@ $(needed_libs)
shmtest_LDADD = @INTLLIBS@ $(needed_libs)
mpicalc bftest: $(needed_libs)
mpicalc bftest shmtest: $(needed_libs)

4
util/ChangeLog
View File

@ -1,3 +1,7 @@
Mon Sep 21 19:45:01 1998 Werner Koch (wk@(none))
* secmem.c: New flags to allow suspend/resume of warnings.
Fri Sep 18 16:25:47 1998 Werner Koch (wk@(none))
* secmem.c (lock_pool): Kludge for broken mlock on HPUX 10.20

36
util/secmem.c
View File

@ -67,6 +67,16 @@ static unsigned cur_blocks;
static int disable_secmem;
static int show_warning;
static int no_warning;
static int suspend_warning;
static void
print_warn()
{
if( !no_warning )
log_info(_("Warning: using insecure memory!\n"));
}
static void
lock_pool( void *p, size_t n )
@ -78,8 +88,10 @@ lock_pool( void *p, size_t n )
uid = getuid();
#ifdef HAVE_BROKEN_MLOCK
if( uid )
err = EPERM;
if( uid ) {
errno = EPERM;
err = errno;
}
else {
err = mlock( p, n );
if( err && errno )
@ -179,13 +191,26 @@ compress_pool(void)
void
secmem_set_flags( unsigned flags )
{
int was_susp = suspend_warning;
no_warning = flags & 1;
suspend_warning = flags & 2;
/* and now issue the warning if it is not longer suspended */
if( was_susp && !suspend_warning && show_warning ) {
show_warning = 0;
print_warn();
}
}
unsigned
secmem_get_flags(void)
{
return no_warning ? 1:0;
unsigned flags;
flags = no_warning ? 1:0;
flags |= suspend_warning ? 2:0;
return flags;
}
void
@ -220,10 +245,9 @@ secmem_malloc( size_t size )
if( !pool_okay )
log_bug("secmem not initialized\n");
if( show_warning ) {
if( show_warning && !suspend_warning ) {
show_warning = 0;
if( !no_warning )
log_info(_("Warning: using insecure memory!\n"));
print_warn();
}
/* blocks are always a multiple of 32 */

28
zlib/Makefile
View File

@ -66,33 +66,33 @@ host_alias = i586-pc-linux-gnu
host_triplet = i586-pc-linux-gnu
target_alias = i586-pc-linux-gnu
target_triplet = i586-pc-linux-gnu
CATALOGS = en.gmo de.gmo it.gmo fr.gmo
CATOBJEXT = .gmo
CATALOGS =
CATOBJEXT =
CC = gcc
CPP = gcc -E
DATADIRNAME = share
DYNLINK_LDFLAGS = -rdynamic
G10_LOCALEDIR = /usr/local/share/locale
G10_LOCALEDIR = /usr/local//locale
GENCAT =
GMOFILES = en.gmo de.gmo it.gmo fr.gmo
GMSGFMT = /usr/local/bin/msgfmt
GMSGFMT =
GT_NO =
GT_YES = #YES#
INCLUDE_LOCALE_H = #include <locale.h>
INSTOBJEXT = .mo
INTLDEPS = $(top_builddir)/intl/libintl.a
INTLLIBS = $(top_builddir)/intl/libintl.a
INTLOBJS = $(GETTOBJS)
INSTOBJEXT =
INTLDEPS =
INTLLIBS =
INTLOBJS =
MKINSTALLDIRS = scripts/mkinstalldirs
MPI_EXTRA_ASM_OBJS =
MSGFMT = /usr/local/bin/msgfmt
MSGFMT =
PACKAGE = gnupg
POFILES = en.po de.po it.po fr.po
POSUB = po
POSUB =
RANLIB = ranlib
USE_INCLUDED_LIBINTL = yes
USE_NLS = yes
VERSION = 0.4.0
USE_INCLUDED_LIBINTL = no
USE_NLS = no
VERSION = 0.4.0a
ZLIBS =
l =
@ -122,7 +122,7 @@ LIBRARIES = $(noinst_LIBRARIES)
DEFS = -DHAVE_CONFIG_H -I. -I$(srcdir) -I..
CPPFLAGS =
LDFLAGS =
LIBS = -ldl -lz
LIBS = -ldl -lz
libzlib_a_LIBADD =
libzlib_a_OBJECTS = adler32.o compress.o crc32.o gzio.o uncompr.o \
deflate.o trees.o zutil.o inflate.o infblock.o inftrees.o infcodes.o \